The Harris Federation, a not-for-profit educational trust, recently suffered a ransomware attack that resulted in its email servers and dedicated IT systems being taken down. The impact of the attack against the multi-academy trust based in London was extensive, affecting a total of 50 different schools.

The Harris Federation operates a mix of both secondary and primary academies attended by around 37,000 students who live around the UK capital and its surrounding area.

School communication systems hit by the hack

The targeted attack aimed at the Educational Trust’s systems by malicious actors took place during the weekend on March 27. After infiltration of its network was successfully achieve the attackers managed to compromise and encrypt the entirety of the Harris Federation’s dedicated IT systems, effectively locking staff out.

After identifying the malicious attack, the not-for-profit organisation moved to disable both the landline phone connections and email systems, transferring all incoming phone calls so they would be redirected to employees’ mobile phones instead. Harris Federation also issues many of its students with devices for school use, and along with the organisation’s own systems, these were also disabled to stop the crypto malware spreading further.

A statement issued by the Harris foundation proclaimed:

“This is a highly sophisticated attack that will have a significant impact on our academies, but it will take time to uncover the exact details of what has or has not happened, and to resolve.”

The non-profit educational trust is now working alongside leading experts and the authorities to look into the incident. Assistance onboard includes a professional cybersecurity company, the National Cyber Security Centre (NCSC) and the National Crime Agency.

Rise in cyberattacks launched against UK schools

The Harris Federation also commented that the attack on its IT systems was not an isolated incident, adding that many other schools across the country had also been impacted by similar assaults. It stated:

“We are at least the fourth multi-academy trust to have been targeted in March.”

The recent attack comes after an updated warning released by the NCSC on March 23 advising of a spike in targeted attacks launched at education institutions identified earlier this year in February.

The current wave of insidious ransomware attacks is following a torrent of raids that affected the UK’s education sector in the summer of 2020, between August and September. Newcastle University was among the affected organisations and institutions, and was struck by the infamous DoppelPaymer ransomware.

The NCSC is not alone in its warnings; recently the FBI in issued an advisory stating it had spotted increased use of Pysa ransomware targeting education sector facilities in the UK and the US.

At present, no information identifying the ransomware operation behind the attack on the Harris Federation has surfaced, although members of the cybersecurity community have voiced suspicions that the REvil ransomware group may be responsible.

Despite the recent attack on its systems, the trust managed to keep all of the Harris Academies operating effectively until the term ended on March 31.