Protect Your School From Ransomware

How to Protect Your School from Ransomware Attacks

The outbreak of the Coronavirus, UK lockdown, school closures and having to work from home has, and is still causing a huge impact on teachers.

We have found ourselves in a situation where teachers are either using their own computer or a school-provided machine but on a home network - which may lack some of the security measures usually in place in schools. This has resulted in weaker security, providing large opportunities for system infection and data theft.

This also saw an increase in the number of cyber criminals quickly adapting their techniques to exploit concerns relating to COVID-19.

The Department for Education and the National Cyber Security Centre (NCSC) has been made aware of an increasing number of cyber attacks involving ransomware in the education sector during the last few weeks of the Summer Break. Ransomware attacks are becoming more focussed, and thus more effective.

Ransomware cyber attack

What Is Ransomware

Ransomware is a form of malware, primarily spread through phishing emails that contain malicious attachments, that encrypt data on anything from a single computer, all the way up to an entire network. Hackers instill fear and panic into their victims, by demanding a ransom be paid. However, even if the ransom is paid, there is no guarantee that data will be restored or unencrypted. This is known as wiper malware.

Ransomware displays intimidating messages like the images below:


Petya malware display messages


Wannacry malware display messages

How does ransomware impact schools?

The education sector can be a tempting target to cyber criminals, causing huge implications for schools because of the amount of sensitive data they hold. Information about students, staff details, financial data, details on vulnerable people and more. Hackers know if they can put that data in danger, schools will do anything to rescue it.

How to prevent attacks

Having a secure network that only those within your school have access to will help to protect your network from potential attacks. Segmenting your network can help limit the spread of ransomware. Having a separate network for guests is one way to help prevent unwanted access to the schools data.

While it’s not necessarily possible to be completely secure from ransomware (and other malware) attacks, there’s a few best practices that can help significantly cut down the risk of infection:

  • Anti-virus: Use anti-virus software on all of your devices and configure it to automatically update.
  • Updates: Install the latest software and app updates on all of your devices. This will help protect your device from viruses and hackers.
  • Backups: Make regular backups of your most important files. Ensure that a backup is kept separate from your network, or in a cloud service designed for this purpose.
  • Emails: A lot of malware (particularly targeted attacks) is spread through email, a message may pretend, and look to be legitimate while containing malware in an attachment. Ensure an email is from a trustworthy source before interacting.
  • Secure passwords: Create different passwords for each account and use a few random words (or letters) and numbers, ensuring this is memorable without using personal information (birthdays, names etc).
  • Improving employee’s awareness is critical when it comes to limiting the impact of ransomware. Treat suspicious emails with caution. Look at the domain name that sent the email. Check for spelling mistakes, review the signature and the legitimacy of the request. Hover over links to check where they lead to, never click on them without being sure.

    Firewalls and Filtering

    Firewalls prevent unauthorised access to an individual system or a network of computers. All messages, from an external source or leaving the system, pass through the firewall. If they do not meet security standards they are discarded, working as a filter to block suspicious and unsafe traffic. This is why we recommend Fortigate firewalls, for all of our customers.

    Content filtering services such as SurfProtect Quantum, block inappropriate websites which can contain malicious files, that can harm your system. SurfProtect can also block certain file types from being downloaded by unauthorised users, cutting down the chances of a ransomware attack.

    What to do if you have been infected

    If your school’s network has already been infected with malware you should contact the NCSC. Establishing effective incident management policies and processes will help a school to recover quickly from an attack. If you think you have fallen victim to fraud then contact action fraud on 0300 123 2040, to speak to their fraud and cyber crime specialists, who can offer useful advice on what to do next.

    If you’re interested in our SurfProtect content filtering service or firewalls such as Fortigate, get in touch with Exa Networks on 0345 145 1234 or email