News: 1737374581

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Ransomware attack forces Brit high school to shut doors

(2025/01/20)


A UK high school will have to close for at least two days, today and tomorrow, after becoming the latest public-sector victim of ransomware criminals.

Blacon High School in the historic city of Chester, in north west England, said [1]yesterday the attack hit on January 17, and didn't rule out having to shut its doors to students for additional days this week.

Students have not been given the day off, however. Teachers set work for them to complete on Google Classroom over the two days, although they can still visit the school to collect lunch.

[2]

No ransomware crew has claimed responsibility for the attack at the time of writing, and the school is unwilling to comment on whether any data was compromised as a result of the incident.

[3]

[4]

"We have an independent cybersecurity company working in school to understand exactly what has happened," headteacher Rachel Hudson said in a statement. "Until this is completed, I will not be able to provide any further details on any potential data breach."

Many of the school's IT systems are down, although Hudson said senior staff are working to create systems that will enable operations to continue.

[5]

Phone lines are also down, but a temporary number has been established if needed, and additional communication about the incident will be posted to the school's website and social media pages. Parents will also be contacted directly through the Parent Pay platform.

"I will update you as soon as we know more and will aim to open once again to students as soon as we can," Hudson said. "In the meantime, I ask for your support in helping students to complete work at home, especially for Year 11. Thank you for your patience and understanding at this time."

The attack on Blacon High School is the second major ransomware attack on the UK's public sector in a week after the Medusa gang hit [6]Gateshead Council two days earlier on January 15.

[7]

Unlike with the school, the criminals behind the council attack wasted no time in plastering their data leak site with stolen data. Medusa posted 31 pages and screenshots of stolen files, revealing personally identifiable information (PII) belonging to council residents and staff.

It also set a $600,000 ransom demand for the "deletion" of the council's data. Although cybercriminals typically make promises such as these, the prevailing belief among experts is that they are rarely honored.

Hudson said: "Unfortunately, cyberattacks like this are happening more frequently despite having the latest security measures in place. This has sadly been experienced by the NHS, National Rail, other public sector departments, and schools."

The NHS was battered by ransomware last year. The attack on pathology services provider [8]Synnovis over summer caused the most disruption, affecting thousands of appointments and [9]procedures at major London hospitals.

Then, in late November, INC Ransom pounced on Liverpool's [10]Alder Hey – northern England's premier children's hospital – days after an unconnected strike on [11]neighboring NHS hospitals in Wirral .

The news in Blacon also came in the same week as the UK government officially considering a [12]total ban on ransom payments made by public sector and critical national infrastructure (CNI) organizations.

[13]Medusa ransomware group claims attack on UK's Gateshead Council

[14]Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M

[15]UK floats ransomware payout ban for public sector

[16]Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

It's one of three proposals being explored over the next 11 weeks. Another approach being examined is to take the public sector ban a step further and require the biggest private sector organizations to apply for a payment license from the government.

The details are still being fleshed out but given the UK's close political ties to Australia, which recently adopted a similar rule in its Cyber Security Act, the UK may take after its Oceanic cousin and apply the rule to companies that meet a revenue threshold.

Public sector IT overhaul

While Blacon High School hasn't detailed the root cause of the ransomware attack, UK public sector organizations don't genrally have the same financial muscle as commercial businesses to spend on cyber defenses.

The government plans to release a [17]report on January 21 outlining the impact of archaic technology on the public sector. The report will examine matters such as productivity and public satisfaction with services, but also how outdated tech is contributing to the growing threat of cyberattacks.

The technology used by central government alone was found to be outdated in around 25 percent of cases, on average, while the worst cases saw this rise to 70 percent. The report will also say that a growing number of these antiquated systems are "red-rated" for security risk. For the UK's perpetually underfunded state schools, the position of security is likely to be worse.

Jake Moore, global cybersecurity advisor at ESET, said "Schools and other local government agencies often lack funding and consequently may not have the best protection for their systems which makes them soft targets.

"Schools frequently suffer from a lack in funding which can result in weaker network protection and the use of older systems, inadvertently making them susceptible to multiple cyberattacks.

He added: "There are now endless examples of educational systems and councils being struck in similar attacks and often there can be weeks of disruption which causes a knock-on effect to the wider community."

Following the publication of the government's report on archaic tech tomorrow, sweeping reforms are expected to be announced, with the implementation of these led by the Government Digital Service (GDS), which is set to be given more powers. ®

Get our [18]Tech Resources



[1] https://www.blaconhighschool.net/news/?pid=32&nid=2&storyid=55

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z46BOzfmiQq7f-id6OCOrgAAARg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z46BOzfmiQq7f-id6OCOrgAAARg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z46BOzfmiQq7f-id6OCOrgAAARg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z46BOzfmiQq7f-id6OCOrgAAARg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[6] https://www.theregister.com/2025/01/17/gateshead_council_cybersecurity_incident/

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z46BOzfmiQq7f-id6OCOrgAAARg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[8] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

[9] https://www.theregister.com/2024/07/05/qilin_impacts_patient/

[10] https://www.theregister.com/2024/11/29/inc_ransom_alder_hey_childrens_hospital/

[11] https://www.theregister.com/2024/11/28/wirral_nhs_cyber_incident/

[12] https://www.theregister.com/2025/01/14/uk_ransomware_payout_ban/

[13] https://www.theregister.com/2025/01/17/gateshead_council_cybersecurity_incident/

[14] https://www.theregister.com/2025/01/16/enzo_biochem_ransomware_lawsuit/

[15] https://www.theregister.com/2025/01/14/uk_ransomware_payout_ban/

[16] https://www.theregister.com/2025/01/13/ransomware_crew_abuses_compromised_aws/

[17] https://www.gov.uk/government/news/archaic-tech-sees-public-sector-miss-45-billion-annual-savings

[18] https://whitepapers.theregister.com/



Why should an IT outage necessitate shutting the school

cyberdemon

Can't they get their workbooks and pens out?

Re: Why should an IT outage necessitate shutting the school

Doctor Syntax

Quite. We didn't have computers at school at all, not even non-working ones.

Re: Why should an IT outage necessitate shutting the school

wolfetone

Everything is IT driven in schools.

The register is online.

Lesson delivery often includes online resources (i.e. Moodle)

It can also be the fact that security, physical security, is ran through IT.

It's not all chalk and slates as it were in your day.

Re: Why should an IT outage necessitate shutting the school

Blazde

If the teachers can't figure out how to take register without a computer then perhaps the first lesson they can't conduct without online resources can be rescheduled as some kind of emergency-survival problem-solving session where the students come up with madcap ideas for how to write down a list of names without modern technology?

Does anybody have.. paper?

We can use my shirt!

Good! Does anyone have something to write with?

We can use my blood.

10/10 for effort, but too melodramatic.

Can we get ink from a teabag..?

etc.

Re: Why should an IT outage necessitate shutting the school

wolfetone

If it's so easy why aren't you a teacher? Or better yet - get in touch with the school yourself and offer your services to them?

Re: Why should an IT outage necessitate shutting the school

Anonymous Coward

Because anyone with a brain knows that working with kids is a liability..

Re: Why should an IT outage necessitate shutting the school

Doctor Syntax

Back in the mists of time I was one of the part-time OU tutors, as was SWMBO who, incidentally, had been a school teacher before returning to University to do research. Th OU depended and very likely still does, on local colleges for premises for some tutorials. The OU year was very different from the traditional academic year and tutorials ran through the summer months when the colleges were normally closed.

From time to time the caretaker would fail to turn up to unlock the building and couldn't be found. What to do? Cope. It's summer, the weather's fine. We channel the ancient Grecian Academy and hold tutorials outdoors. At least I did. If it happened to SWMBO she just cancelled the tutorial and came home. I still don't know why. Maybe its a teacher thing.

Re: Why should an IT outage necessitate shutting the school

Blazde

I'm not a teacher but I did on many occasions a) take register as a pupil myself because the teachers couldn't be arsed, and b) fail to be present in school when register was taken and suffer no adverse consequences. So I'm aware what a completely pointless tick-box joke the whole palaver is.

To cancel an entire school day because you can't verify which pupils are not cancelling their own school day is the very definition of cutting off your own nose.

Re: Why should an IT outage necessitate shutting the school

hoola

If that register is online and linked to a pile of other stuff (most our now) then it is not so easy.

Actually the register is only a small part of the issue and may not even be affected. If security systems are down then you simply don't have the staff to run the site.

Anyone who is tried to get into s school as a legitimate visitor during normal school hours should understand that.

Re: Why should an IT outage necessitate shutting the school

Blazde

Exactly. It's nothing to do with the register. Most likely, because the phone lines and CCTV are down there's been some legally risk-averse decision that it's just easier to have kids schooled at home for a day or two. Maybe that's rational because online schooling is a decent fall-back these days, but let's not pretend it's somehow impossible for them to open up if they wanted to.

Re: Why should an IT outage necessitate shutting the school

Doctor Syntax

"The register is online."

So they can't check a register. They can't take a register with the children at home - or maybe elsewhere. No effective difference.

"It can also be the fact that security, physical security, is ran through IT."

TFA says the children are allowed in to collect lunches so access is obviously not a problem.

Coping when the world lets you down is an essential human skill.

Re: Why should an IT outage necessitate shutting the school

Mentat74

Because else Google won't be able to track everyone cradle to grave...

You're not going to deny a billion-dollar company all of your kids private data now are you ?

Re: Why should an IT outage necessitate shutting the school

Anonymous Coward

Things in schools likely to be controlled by computers in 2024:

The "register" (information management system in modern parlance).

Payments

Food ordering system

The secure fob/door system

All the next of kin/emergency contact/parent contact details etc

Pupil medical requirements/allergies/medication/etc

Fire/safety/risk/etc documentation

and so on...

Re: Why should an IT outage necessitate shutting the school

KayJ

Quite. The most prominent are registration, catering (mostly biometric) and the facilities building-management-system (heating, potentially also water). With the best teaching will in the world it's a no-go if students are unaccounted for, cold, hungry and without toilets. ^^

Re: Why should an IT outage necessitate shutting the school

robinsonb5

It's almost as though the systems controlling all those things should be air-gapped and not connected to the public internet.

Re: Why should an IT outage necessitate shutting the school

Doctor Syntax

"catering"

TFA says pupils were allowed to go to school to collect lunch.

Re: Why should an IT outage necessitate shutting the school

Guy de Loimbard

So bang on the money it's shocking.

It wasn't that long ago that there was no IT medium in school unless you were exploring computer science!

IT outages are not an excuse for not delivering lessons.

Re: Why should an IT outage necessitate shutting the school

hoola

There are several issues.

It depends what is broken:

Is it related to safety such is ID & door entry systems or the register?

Is it related to teaching material?

On the first is security systems are down they will have no option but to close.

In terms of teaching it all depends on what is available and working. By the sound of it the use Google Workspace and this is currently functioning. If there is sufficient material to run lessons on that platform and teacher's laptops they can function online until the first is fixed.

Failure to Plan and Test for Computer Failure is ... Failure

An_Old_Dog

No business continuity plan other than, "Kids stay home"?!! No way to manually record attendance and grades, and enter them into the system after recovery or re-initialisation?

Re: Failure to Plan and Test for Computer Failure is ... Failure

Guy de Loimbard

This is something I often lecture/consult on.

Reversionary Method of Operation.

It works, it takes a bit of work and planning, but if done right, is a great tool in your back up arsenal.

Not for everyone I know, but if you can't operate your business, it's going to impact customers and if you're regulated, guess who's coming next?

Re: Failure to Plan and Test for Computer Failure is ... Failure

neilg

"Not for everyone I know, but if you can't operate your business"

Mate: can I point out the bleeding obvious, it's not a business it's a sodding school. Children are not "customers"

Re: Failure to Plan and Test for Computer Failure is ... Failure

Doctor Syntax

And you think that's an excuse?

Re: Failure to Plan and Test for Computer Failure is ... Failure

Anonymous Coward

Posting A/C for 2 main reasons here:

1) I'm a school governor

2) I work for a cyber security vendor

For both of those reasons, I speak to a shedload of schools about cyber incidents. A modern school will probably have pretty much everything computerised from the register, the lunch payment system, the phone, fire alarms, CCTV, access control, building management systems etc on their LAN. Older schools - well, they're lucky if they are in a building that isn't falling down around their ears because it's that old and has had no money spent on it by any government since it was built in 1895.

Most of them don't have much in the way of a cyber incident plan, because most schools don't believe an attack will ever happen to them, as they have nothing a cyber criminal would want, and it's incredibly difficult to persuade them otherwise - even with my own LA, where I'm volunteering my own time to talk to people, it's seen simply as an exhortation to buy stuff/services they don't need....

When I speak at conferences, every school has a physical response plan to somebody coming in with a weapon or trying to take a child, because the children are the school's focus. Not their data.

Until school leaders get this message loud and clear, schools will keep having incidents. Oh, that and having the money to properly fund and resource those plans, that might help as well.

Re: Failure to Plan and Test for Computer Failure is ... Failure

graemep

Should all this be computerised, given the risks? If it should be computerised should some of it not be air-gapped?

> When I speak at conferences, every school has a physical response plan to somebody coming in with a weapon or trying to take a child, because the children are the school's focus.

Are schools actually able to stop someone coming in with a weapon, or taking a child? Do they have armed guards, for example? How often does this happen? Is it the case they have plans for something very unusual they cannot stop, but not for something higher risk that they can do something about.

I wonder whether it is just suspicion that they are being sold something they do not need, rather than a more general fear. I find a lot of people seem to regard cyber security, and reliability (even simple things like good backups) as a can of worms they do not want to open. Much easier to just hope it never happens.

Re: Failure to Plan and Test for Computer Failure is ... Failure

AndrewB57

Schools SHOULD have an Emergency Plan which deals with intruders and other pyhsical threats

I have seen suich plans in action, though more for

a) dangerous dogs in the playing fields

b) hoax gun and bomb wanings

Re: Failure to Plan and Test for Computer Failure is ... Failure

hoola

With so much now delivered as SaaS because it is cheaper (in theory) there is simply not the resources or technical know how to air gap stuff.

In schools now it is very rare to have anything that is a traditional system running in the building. Now add in that the very limited number of IT staff are under paid, and therefore do not have the skills and over worked.

Re: Failure to Plan and Test for Computer Failure is ... Failure

AndrewB57

Thank you for this post. Far better informed than much up-thread.

Folk don't seem to understand how a 21st C high school runs.

The main MIS integrates student, staff and room timetables, attendance (registration), year groups, pastoral groups, subjects, finance, salaries, assessment, qualifications

Schemes of work and lesson plans will all be computerised. Many, probably most, resources will be held virtually

Catering, trips, cleaning and caretaking will all be managed on computers.

In this case I would guess the main MIS is penetrated and that there is, therefore, evidence that all systems could be at risk as the MIS has least external contact.

Yes, I agree, many schools do not have adequate disaster recovery plans and as a fellow school Governor you will be aware of the debate - every pound spent on x is a pound that cannot be spend on education, but I am wondering what is happening here.

Has the school taken the view that keeping children learning off-site (as with the pandemic) is worth it for a few days. Perhaps the MIS cannot be accessed and registers printed until the vulnerability is identified.

Re: Failure to Plan and Test for Computer Failure is ... Failure

hoola

There clearly is something, maybe not a full blown plan because they are switching to online teaching where possible.

"Students have not been given the day off, however. Teachers set work for them to complete on Google Classroom over the two days, although they can still visit the school to collect lunch."

It is the second sentence.

Abraham Lincoln didn't die in vain. He died in Washington, D.C.