This website uses cookies to ensure you get the best experience on our website. More info. Accept Reject

Ransomware: The Increasing Threat to Schools

Ransomware Threats Against Schools Header

At the start of the 2020 and 2021 term schools received a letter from the Department of Education (DfE) and the National Cyber Security Centre (NCSC) highlighting the increasing number of Ransomware attacks affecting the education sector and advised that schools undertake a backup review to ensure that their data is fully protected.

These attacks have become an issue for public services and have continued to increase not just in the UK but globally. The most recent large-scale attack was on a school district in Massachusetts that caused the closure of the organisation and suspension of remote learning while investigations took place.

NCI Technologies have always encouraged schools to review their systems, processes and awareness training to ensure they are fully up-to-date and protected from Ransomware. This advice is becoming ever more important for school and we are here to support you with this.

Although schools are focussed on more than just their IT provision right now, we thought it was worth revisiting the subject as the effects of Ransomware can be devastating. Understanding and taking preventative steps can drastically reduce the prospect of an attack and its effects on your school. 

What is Ransomware and How Does it Work?

Ransomware is malicious software that infects a computer, network or data. A computer will either be locked or have the data encrypted, held hostage, and the only way to regain access is by paying a ‘ransom’.

On many occasions, some forms of Ransomware will spread to other parts of your network infecting other digital devices such as websites, telephones and services you may operate. To unlock your data payment is demanded, in many cases, as cryptocurrency such as Bitcoin. There is no guarantee that if you make this payment that your data will be reinstated therefore it is always recommended that critical data is backed up. This means if the worst should happen your data can be easily recovered, and downtime is kept to a minimum for staff and pupils. 

The diagram below shows how a Ransomware attack might occur.

How Ransomware Works Diagram

1. A user either clicks on a malicious website or email link.

2. This then infects their desktop and encrypts local files.

3. Servers and file shares then become encrypted.

4. Data is then copied to the criminal.

Why are Schools Vulnerable?

Schools have become magnets for Ransomware due to a mix of factors. These factors can include the amount of personal data held for long periods, a lack of awareness of malicious threats, poor network defences and the use of older technology due to budget constraints. Learning platforms, digital devices and the range of access points can leave schools wide open to attack if they are not securely set up. The personal data held by schools can be so in-depth that it is particularly attractive to hackers. As a result, some Ransomware groups steal this data before encrypting it with a view to selling the information on the Dark Web. This means even if you can recover your critical data from backups there is still a risk that you are open to extortion so that your data is not revealed online. 

How to Fight Back Against Ransomware

Along with the National Crime Agency we never recommend paying Ransomware as there is no guarantee that access to your data will be restored. Instead, we recommend the following preventative steps to limit your chances of being hit by an attack.

Proactive IT Security

Review your current IT security and internet service measures to ensure you have proactive defences in place to protect your networks. Your IT security provider will be able to recommend the latest technology to help you stay one step ahead of any potential internal or external malicious threats.


Along with your IT security, having the ability to restore systems and recover data backups is vital. You should discuss with your IT provider that the correct data is being backed up, backups are held offline and that your backup process has been fully tested. To adhere to current GDPR guidance organisations should also have ‘the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical Incident’.

For a roundup on the latest advice from the Department for Education on backing up and protecting data please click here.

You can also watch our latest webinar ‘The Importance of Backing Up Microsoft and G Suite Data’ here.

Educate your staff and pupils

Make your staff and pupils another line of defence against cyberattacks by educating them on the importance of good cyber hygiene and how to spot potential malicious threats. Many IT support providers offer online training or free webinars that could help further educate your staff.

Plan for disaster and managing risk

Have a plan in place for your school to follow should you get hit by a Ransomware attack. You should test run your plan of action so everyone in your organisation and third parties understand their roles and responsibilities to help you recover quickly. The National Cyber Security Centre has further advice on mitigating the risks and dealing with the effects of a Ransomware attack. Click here for their up-to-date guidance.

For more information on the increased risks schools face from Ransomware view our data partner, Redstor’s latest webinar ‘Police Webinar: Facing The Increased Ransomware Threat To Schools’ here.

Talk to us!

If you would like to discuss securing your school against Ransomware and other malicious threats, NCI Technologies is here to help. Our helpful team of IT support experts will be happy to offer recommendations on ways you can improve your IT security or backup processes. 

Free 30-minute review appointments are available to book online here. You can contact us here or call us on 01326 379 497 to speak to our friendly sales team.




Leave a comment below

Call Me Back

I would like to discuss NCI Services & Support