14 Schools located across the UK have suffered a Cyber Attack, resulting in the public availability of student and staff records, including SEN data, passport scans and staff contracts.
The attackers gained access to the file systems and were able to search through the folder structures to find the folders that were marked with sensitive names, such as ‘passports’ or ‘contracts’.
The data that was stolen was uploaded to the dark web, and was made accessible to those that could find it.
The dark web is not accessible by normal web browsers and requires specialist tools to access. This area of the internet is used heavily for criminal activity.
The attack on the schools was performed through a ransomware attack. These attacks, when successful, encrypt files and require payment from the victim to decrypt them. Encryption is essentially using advanced techniques to lock the files and requiring a key to unlock them.
In some ransomware attacks, the files are stolen and leaked by the attacker, in others they are just made inaccessible to the victim.
The group that executed this attack are known as the Vice group. The group have targeted and successfully breached schools across globe with attacks largely targeted at the UK and the USA. Currently, it is believed the groups primary motivation is financial gain. The group target schools predominantly because they typically have weaker Cyber Security than other organizations due to strict, tight budgets.
Attacks like this show that Cyber Security is critical within any business or organization, regardless of the size or budget of the business. If you would like to hear how we can help your business, please get in touch by clicking here.