Six individual schools located on England’s Isle of Wight, as well as the umbrella organisation they operate under have been hit by a targeted ransomware attack.

The attack left both pupils and educators alike unable to gain access to their online systems, and its aftermath has caused significant disruption to the commencement of the 2021-22 school year next month.

Ransomware gangs are increasingly striking out at educational institutions and local authorities in the UK. Providing crucial services to the communities nearby, they make ideal targets for ransomware attacks that use the chaos and interruptions they cause as leverage to convince victims to acquiesce and make a payment.

Schools locked out of important data

According to the Isle of Wight Education Federation, the recent attack on the schools took place somewhere between July 28 and July 29 and resulted in school data being completely encrypted and rendered inaccessible.

While it is not currently clear precisely how the targeted attack was conducted and exactly what type of data has been interfered with, educational institutions commonly collect an extensive selection of sensitive and highly confidential personal information on the students who are taught at them and the staff who teach. This can include, names and dates of birth, both postal and email addresses, telephone numbers, and sometimes private medical information.

Lesson plans, exam coursework and results, financial accounting files, and other kinds of confidential documents are also often retained in a schools’ dedicated system.

The Federation commented that all of the schools’ official websites had been shut down from Friday, July 30, but the umbrella organisation was working closely with the local council and the police to comprehend the full extent and effects of the cyberattack.

A spokesperson for the Isle of Wight Educational Federation stated that there were obviously substantial implications of the attack on its schools. It added that it was managing the situation and was taking action to secure its dedicated systems against further attacks launched in the future. This involved working with Information and Communication Technology (ICT) providers and the Government’s Department of Education to ensure appropriate measures and security were in place for the coming academic year.

Devastating effects of a cyberattack

The impacted schools which include Carisbrooke College, Medina College, Island 6th Form, Barton Primary, Lanesend Primary, and Hunnyhill Primary could now face being forced to delay the new school year’s established start date in September.

One school, Lanesend Primary, has already alerted parents that pupils will not be able to return until three days later than originally intended, on September 6.

A spokesperson for the school commented:

“Having spoken to our service provider, we understand that the attack means that all the information that we stored with them has been encrypted.”

The attacks are part of a renewed spike in ransomware assaults against the country’s colleges, schools, and universities. Back in June, this prompted the UK’s National Cyber Security Centre (NCSC) to update its existing cybersecurity guidance designed for the sector, with increased measures suggested.