Primary schools among 24 hit by cyber attack

March 31 2021
Primary schools among 24 hit by cyber attack

THREE primary schools in the Frome Valley area were among 24 which had their computer networks disabled by hackers.

The “targeted ransomware attack”, where malicious software is installed on a system to block access until a ransom is paid, took down IT systems at schools across the Castle School Education Trust and 17 other South Gloucestershire primary schools which use the same network.

Problems started on Tuesday, March 16, and many of the schools' computers were still offline a week later.

St Michael's Church of England Primary School in Winterbourne, Frampton Cotterell C of E Primary and Hambrook Primary School were among 17 local authority schools which were affected by the attack because they use the system run by CSET schools, which runs seven schools including Castle, Marlwood, Downend and Mangotsfield secondary schools.

A joint statement from CSET and South Gloucestershire Council said: “This was a highly sophisticated attack, which breached multiple layers of protection of the IT system shared by schools in Castle School Education Trust and partner primary schools in South Gloucestershire.

“CSET and South Gloucestershire Council are working together with external partners and agencies to investigate this attack and restore IT systems to the schools.

“A cautious and methodical approach is being taken to ensure that systems are restored safely and securely.

“Although some systems have already been restored, others remain offline, and there will be continued disruption over the coming days.

“This highly sophisticated ransomware attack has caused significant disruption to our schools, and we are grateful to our staff and pupils for their patience and understanding as we work together to restore IT systems.

“We would like to reassure the community that all of our schools remain safe and no pupils are at risk as a result of the ransomware attack, and we are working to ensure that their education continues with minimal disruption.”

Children were advised not to log on to the schools' WiFi connections and staff were unable to access classroom resources and other data stored on the system, while parents were advised to phone schools with urgent enquiries and not to rely on email.

A week after the attack the system had still not been fully restored, with schools still unable to use Windows computers.

The attack has been reported to the police and the National Cyber Security Centre.

An NCSC spokesperson said: "We are aware of this incident and are working to fully understand its impact.

"The NCSC works closely with the education sector and we have published practical resources to help schools and colleges improve their cyber security and response to cyber incidents.”