Hackers target Cambridge Meridian Academies Trust with ransomware attack
An academy trust with schools across the Cambridge region has been targeted by hackers.
Cambridge Meridian Academies Trust confirmed its systems came under cyber attack and has reported the matter to the government.
The trust includes North Cambridge Academy, Swavesey Village College, Ely College, Northstowe Secondary College and Bar Hill Primary.
It fell victim to the growing threat of ransomware – a type of malware that prevents you accessing your computer, or data stored on it. Often, hackers use this form of attack to demand payment to enable users to get back into their systems, although the academy trust did not confirm if this was the case here.
A spokesperson for the trust said: “Our IT team identified ransomware within our network on Friday, March 12 and we acted quickly to keep any disruption to a minimum for our students and staff.
“After a weekend of hard work, all our schools opened as normal on Monday (March 15): core services are either back online already or will be fully restored over the next few days.
“This matter has been reported to the government’s National Cyber Security Centre as is routine in this situation. We do not believe that any sensitive or personal information has been accessed. Parents and students should check their school’s website for further details.”
Trust devices, including administrative desktop computers, students’ desktops, staff and student laptops, have been handed over for checking and rebuilding. It is thought that the attack resulted from a phishing email.
Students have been unable to access their emails since the attack, with some asked to check that they have coursework backed up.
ICT classrooms have not been in use and are likely to be out of action until next week at the earliest.
Students had only begun returning for face-to-face teaching last week following the national lockdown.
The attack also caused some of the schools to have problems with their phone lines on Monday, with others forced to suspend Covid-19 testing.
A NCSC spokesperson said: “We are aware of this incident and are working with the Cambridge Meridian Academies Trust and law enforcement partners to fully understand its impact, though the Trust has confirmed that the immediate disruption to students and staff has been mitigated.
“The NCSC works closely with the education sector and we have published practical resources to help schools improve their cyber security and response to cyber incidents.”
Ransomware attacks can leave a computer locked up, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, such as the Wannacry malware that hit the NHS in May 2017.
Usually victims are asked to contact the attacker via an anonymous email address or follow instructions on an anonymous web page, to make a payment. The payment is invariably demanded in a cryptocurrency such as Bitcoin.
The attack is the latest in an increased number of ransomware attempts affecting schools, colleges and universities. The increase prompted the NCSC to release an alert in September last year to those responsible for IT and data protection at education establishments.
It warned the hackers could target the victim’s network in a number of ways, including via remote desktop sessions, unpatched or unsecure devices and through phishing emails.
A ‘Future Workspaces’ report –released yesterday (Tuesday) by lawyers at Harrison Clark Rickerbys in Cambridge – found the first lockdown saw a steep rise in cyber-attacks, from 137 to 9,116 incidents from January to March last year.
This has escalated over the past year, with Barracuda Networks reporting a 600 per cent increase in phishing emails at one point.
A statement from Ely College on Monday said: “All staff and student passwords have been reset – these will be shared with staff over the next 24 hours to restore access to email and cloud-based documents. These will not be shared with students yet as they are unlikely to have access to college devices until next week,
“Administrative computers will be restored and external communications should be back up to full strength through today and over the next couple of days. Teachers’ computers will be restored through the week, but this is likely to have some impact on usual teaching and delivery throughout the rest of the week.
“As a result of this disruption, we have put some immediate and short-term measures in place to support safeguarding and communication with parents.”
These included postponing a parents’ evening event and pushing back deadlines for some students.
The statement continued: “We have suspended Covid-19 testing of Year 11, 12 and 13 in college today and have instead issued the home-testing kits – we would like students in these year groups to test themselves this evening and report the result to the NHS on this link. We would also like you to notify us on COVID19@elycollege.co.uk if any home test returns a positive result. We will continue with college testing tomorrow (Tuesday) and Wednesday and will issue home testing kits to the rest of the college over the next two days
“As staff have limited access to MS TEAMS, there may be some disruption to teachers’ ability to set homework assignments online. Teachers will communicate to students where this is the case.”