Education charity Harris Federation has become the fourth multi-academy trust to have suffered a ransomware attack since late February. The ransomware attack has forced the charity to shut down IT systems, and temporarily disable its email system and switchboard services.
The Harris Federation, which now runs fifty primary and secondary academies in London and Essex with more than 36,000 pupils enrolled, announced on Monday that it suffered a ransomware attack last Saturday that enabled hackers to access its IT systems and encrypt their contents. The charity is presently working with cyber security experts to investigate the attack and restore all affected systems.
In a press release, Harris Federation said that after discovering the ransomware attack, it disabled its email system used by more than 40,000 students, as well as its telephone systems and switchboard services as a precaution.
"This is a highly sophisticated attack that will have significant impact on our academies but it will take time to uncover the exact details of what has or has not happened, and to resolve. In addition to using the services of a specialised firm of cyber technology consultants, we are working closely with the National Crime Agency and the National Cyber Security Centre," the education charity said.
An NCSC spokesperson said, “We are aware of an incident affecting the Harris Federation and are working with the trust and law enforcement to fully understand its impact.”
The federation has confirmed that its academies will remain open but it will provide further updates about the ransomware attack once it has clarity about the incident. "Because we do not want to risk providing incorrect information, we will communicate further once we have clarity and liaise as appropriate with the Information Commissioner’s Office," it added.
Harris Federation's announcement came shortly after the National Cyber Security Centre issued an alert concerning an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges, and universities.
NCSC said that it observed a spurt in ransomware attacks targeting educational institutions in the UK since late February with cyber criminals threatening to release sensitive data if a ransom is not paid. The cyber security watchdog said that these threats are very real as several ransomware gangs have followed through with their threats by releasing sensitive data to the public.
"In recent incidents affecting the education sector, ransomware has led to the loss of student coursework, school financial records, as well as data relating to COVID-19 testing," NCSC said, adding that ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to re-enable critical services.
Commenting on the ransomware attack targeting the Harris Federation, Kevin Galvin, senior product manager at Quest Software, told TEISS that any last vestiges of a false sense of security by anyone – if there is anyone – who still thought that they had a nice perimeter around their IT environment is gone.
“With the pandemic, the bad guys are taking advantage of the current lack of control caused by a sudden flood of remote devices hitting our networks from practically endless amounts of unknown places because every device hitting your network is an attack vector. So, you need to be able to discover, manage and secure everything using a unified endpoint management approach.
“Using multiple, disparate tools creates gaps in your IT security foundation. Instead of managing your IT environment, you end up managing management systems. The good news is that these attacks are typically caused by a known exploit for which there has already been a patch available for months or years. Practice good IT vulnerability scanning and patching, and you are much less vulnerable to attack on your organisation’s bottom line and reputation,” he added.
According to NCSC, hackers are frequently targeting organisations’ networks through remote access systems such as remote desktop protocol (RDP) and virtual private networks (VPN) as the use of these systems has skyrocketed since the pandemic forced organisations to switch to remote work.
Remote desktop protocol (RDP) enables employees to access their office computers from other devices, but deployments often have security weaknesses such as insecure RDP configurations or weak passwords set by workers. Hackers are exploiting these weaknesses through brute-force and credential-stuffing attacks.
Hackers are also exploiting known or unpatched vulnerabilities in popular VPN appliances, such as those from Citrix, Fortinet, Pulse Secure, and Palo Alto, to infiltrate networks, and are carrying out phishing campaigns to deploy ransomware or gain access to users' credentials.