What is Ransomware?

Ransomware is a type of malicious software (malware) that prevents you from accessing your computer (or the data that is stored on it). The system itself may become locked, or the data on it might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, such as the Wannacry malware that impacted the NHS in May 2017.

Normally, you’re asked to make a payment (often demanded in a cryptocurrency such as Bitcoin) in order to unlock your computer (or to access your data). However, even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files. Occasionally malware is presented as ransomware, but after the ransom is paid the files are not decrypted. This is known as wiper malware.

For these reasons, it’s essential that you always have recent secure backup of your most important files and data. We recommend our Remote data Backup service which provides inclusive malware protection for your backed up data. 

How does it impact education providers? 

  • Ransomware is often used by criminals in a way that doesn’t initially target specific organisations.
  • Once the malicious software is on a network, the criminals can monitor and control the encryption of data.
  • Their aim is to encrypt data that will have the most impact on the organisation’s services.
  • This can affect not just the organisation’s computer networks but also services it operates, including telephony and websites.
  • The data held by these services is also at significant risk, including personal information (student and staff details), financial transactions (staff salaries, payment of ESFA funds, ability to pay suppliers).
  • Depending on the comprehensiveness of disaster / business continuity plans in place, normal service can take weeks, if not months to resume. In some cases, data will never be recovered.
  • Some ransomware groups have started to steal data from their victim organisation’s networks before encrypting what is left. This means that even if the victim can recover from backups, the criminals may try to extort money in exchange for not revealing the data online.

Should we pay ransomware?

The DfE supports the National Crime Agency (NCA) recommendations. The NCA does not encourage, endorse, or condone the payment of ransom demands.

Payment of ransoms has no guarantee of restoring access or services and will likely result in repeat incidents to educational settings.