Information For Schools About Ransomware

Published: 3 September 2019
South Yorkshire Police have asked us to circulate information about ransomware attacks against schools.



Ransomware Attacks Against Schools


Recently, we have seen ransomware attacks against schools and companies within the Yorkshire region. Ransomware typically encrypts one or more IT systems, causing them to become inoperable unless a company pays a ransom (usually in Bitcoin or another cryptocurrency). Please be alert and prepared against any potential attacks to mitigate against any data loss. In one particular instance, a school received a ransomware attack that has encrypted the school’s server and has demanded payment in bitcoin to release the encrypted data files back to the school. Fortunately, the school are able to recover a considerable amount of the data because of routine back-ups but this will take time and staff resources to do so. Please follow our advice (as outlined by the NCSC and Action Fraud) on how to mitigate against possible ransomware attacks.


How to protect yourself: 


  • Anti-virus: Use anti-virus software on all of your devices and configure it to automatically update. Run a complete scan of your system to check for any malware infections. 
  • Updates: Install the latest software and app updates on all of your devices. These updates will often contain important security upgrades which help protect your device from viruses and hackers.
  • Backups: Backup all of your important data to a storage device that won’t be left connected to your computer or network, such as an external hard drive, or an online storage service.
  • Emails: Don’t open attachments or click on the links within any unsolicited emails you receive. Spoofed emails purporting to be from a person or company you know of can be used to deliver ransomware.


If you would like further detailed, technical advice regarding how to protect your infrastructure, please see the following from the NCSC website.


What to do if you (or your organisation) has been infected with malware


If your organisation has already been infected with malware, these steps may help limit the impact of the infection.


1.    Immediately disconnect the infected computers, laptops or tablets from network.


2.    Turn off your Wi-Fi and unplug any ethernet or network carrying cables.


3.    Safely format or replace your disk drives and reinstall the OS.


4.    Connect the device to a clean network in order to download, install and update the OS and all other software.


5.    Install, update, and run antivirus software.


6.    Reconnect to your network.


7.    Monitor network traffic and run antivirus scans to identify if any infection remains.


If you think you may be a victim:


  • Report to Action Fraud by calling 0300 123 2040.
  • Don’t pay extortion demands as this only feeds into criminals’ hands and there’s no guarantee that access to your files will be restored if you do pay.