Harris Federation disables students' emails following ransomware attack

Students at London-based Harris Federation schools have been cut off from their email accounts after the trust became the latest educational institution to fall victim to a ransomware attack.

The incident, which took place over the weekend, comes just days after the University of Northampton fell victim to a cyber attack and follows a worrying trend of hackers targeting educational institutions and disrupting student learning, which has already been heavily affected by the coronavirus pandemic.

The Harris Federation has been forced to “temporarily” disable its email systems and devices of all of the 50 primary and secondary academies that it manages, leaving 37,000 students unable to access their correspondence and coursework.

The academy trust said that the steps were necessary to mitigate the impact of a ransomware attack that encrypted the data on the schools’ IT systems.

It also added that it is “using the services of a specialised firm of cyber technology consultants” as well as “working closely with the National Crime Agency and the National Cyber Security Centre”. Details of the ransom are not publicly available and the trust was not immediately available for additional comment.

In the past five weeks alone, hackers have targeted the University of Northampton as well as Oxford University’s Division of Structural Biology. The recent increase in cyber attacks on educational institutions has prompted the National Cyber Security Centre (NCSC) to issue an alert urging organisations to follow its guidance on ‘Mitigating malware and ransomware.’

NCSC director of operations Paul Chichester labelled the targeting of the education sector by cyber criminals as “completely unacceptable”.

“This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted.

“We are committed to ensuring the UK education sector is resilient against cyber threats, and have published practical resources to help establishments improve their cyber security and response to cyber incidents.”

Commenting on the Harris Federation ransomware attack, Ilia Kolochenko, CEO of security company ImmuniWeb said that, “unlike large universities, which can afford spending considerable budgets on cybersecurity, primary schools often struggle to get budgets even for the very foundational security controls, let alone advance cyber defense solutions”.

“Worse, such victims commonly have no choice but to pay the ransom from modest school funds, leaving no money for other activities,” he added.

Kolochenko urged the UK government to "urgently intervene with cyber training, financial and technical support in the UK educational sector”.

“For example, when buying security software, a volume-discount for all schools in the UK could be huge and make even premium security products affordable. Importantly, cyber police units are also deprived of sufficient funding proportional to surging and sophisticated cybercrime.

"Law enforcement agencies require undelayed financial support to attract new professionals, align forensic capacities with modern cyber threats and perform educational support and awareness among future victims.”