With a wealth of sensitive data retained on file, local educational authorities (LEAs), just like local councils, are a prime target for certain cybercriminal operations. One particular group of threat actors, ransomware operators, has been quick to identify the rich storehouse of data these institutions hold that can be plundered in attacks.

This increase in attacks on educational establishments in the United Kingdom has led the National Cyber Security Centre (NCSC) to issue continuing warnings to universities, schools, colleges, and the institutions that govern them.

Ransomware attacks involve threat operators accessing the private networks and interconnected devices of educational institutions. Once they have obtained a foothold, attackers move laterally from their staging area, searching for unprotected data. Sensitive, and therefore valuable, information is exfiltrated before being encrypted. Authorities are locked out of their systems and computers, which prevents them from accessing the key data they need to operate and stops them from providing the important services they offer.

Operators demand a ransom in return for the dedicated decryption device to free the systems and, as a backup, use the stolen private files as leverage to force a payment. If one is not forthcoming, the attackers threaten the release of information and a subsequent data breach.

It is much easier to act prior to a ransomware attack than to mitigate the effects of one in progress. To this end, educational authorities must be aware of the attack vectors used by ransomware operators and remain vigilant.

Remote access

Operators frequently zero in on a victim’s networks via remote access systems like virtual private networks (VPNs) and the Remote Desktop Protocol (RDP). These options are among the most common vectors used by ransomware gangs to access networks. RDP is a common protocol used in remote desktop sessions, allowing staff to access their servers or office desktops from a personal device via the internet. Insecure RDP configurations are frequently abused by ransomware attackers, helping them obtain initial access to a target’s devices.

Poor password management

Attackers exploit passwords that are simple to crack and systems that are not safeguarded with multifactor authentication (MFA) methods.


Phishing emails

Phishing emails are a prevalent attack path used by malicious operators to deploy ransomware. Carefully designed emails urge and convince users to open malicious files containing malware or to click on a link that has the same effect.

Providing a safer staff workspace

The Galaxkey secure workspace was designed for LEAs, local authorities, educational institutions, and enterprises in need of a way of working free from cyberthreats. Our unique system has been engineered to offer no back doors that ransomware operators can exploit and never stores passwords where they can be stolen.

Our system also provides the option to add powerful three-layer encryption to any data file or email communication ensuring that, should an attacker penetrate your network, they will be unable to encrypt or view your private content.

Get in touch with our expert team today and experience a free 14-day trial to improve your protection levels, whether you store data in the cloud or on your premises.