As an indication of the emerging threat of ransomware to the education system, an article by ZDNet has been published covering the UK’s National Cyber Security Centre (NCSC) warning of the recent spike in hackers targeting universities with ransomware attacks in August. As well as seeking payments the hackers have threatened to leak stolen personal data of students if they payment isn’t received.
The NSC has now raised concerns that the focus of the attacks will shift from universities to schools.
READ MORE: Ransomware attack strikes University Hospital New Jersey
The threat against the education sector was highlighted by Digital Journal in mid-September, in relation to a city’s entire scholastic system. This related to Hartford, Connecticut, where officials has no option but to postpone the first day of the new school calendar year. This was following a ransomware infection which impacted the city’s IT network.
Looking into the issue for Digital Journal Ashish Gupta CEO of Bugcrowd. According to Gupta, this incident has demonstrated the importance of proactively securing programs to provide a secure virtual learning experience.
ALSO READ: Top tips for staying ahead of the ransomware threat curve
Gupta explains how “Vulnerabilities exist in every platform, including Learning Management Systems used by schools to enable remote learning. However, with the speed schools have been pushed at to enable widespread remote learning, there is an even greater chance that their developers inadvertently create or are completely unaware of severe flaws adversaries can exploit to launch devastating attacks. ”
With what is happening in the U.K., Gupta recommends that schools put in measures promptly: “It is the responsibility of both higher education and even K-12 schools have for not only the physical safety of students, but now the digital protection of students’ data as well, especially as these education institutions implement LMS solutions on the fly. Failing to ensure security at the scale needed will grant attackers access to large quantities of student and even teacher information, as well as the ability to inject ransomware into insecure school networks.”