Schools and academies in Lancashire, England were hit by a malicious cyber attack, disabling access to files and disrupting computer systems.
On Monday morning, September 16, 2024, hackers attacked the IT systems of educational institutions in the Blackpool Trust around the Fylde Coast, leaving them with limited access to their systems.
According to Dean Logan, CEO of Fylde Coast Academy Trust, the Blackpool trust had been subjected to ransomware, infecting the organization's IT infrastructure and resulting in limited accessibility to systems.
It’s yet to be confirmed if the ransomware attack was used as leverage to pocket cash from the trust’s schools and academies.
Dean said it would take a number of days before the full impact could be understood and services could be restored to schools.
Blackpool trust owns 10 academies and all of them were targeted including Aspire, Montgomery, and Unity, Aspire high schools and a few primary schools too were believed to be impacted
For the time being, the administration has deviated from IT systems switching to non-computer-based processes.
Impaired phone lines and computer systems
The identity of hackers has not been made known to the public. The ransomware also impaired phone lines, obstructed administrative tasks, and access to student records and classroom activities.
Dean informed parents and carers to reach out to schools “only when necessary,” further insinuating that the trust received support from the Department of Education and a cyber security team within hours of the attack.
Full normal functioning is expected to be restored in a few weeks time to ensure the ransomware is removed adequately, however, “key services” are expected to resume next week, Dean told BBC.
"Our focus remains in providing the highest possible care and education for pupils during this recovery,” Dean stated. "Leaders, teachers, support staff, and pupils have responded very positively and with resilience.”
He further added that the skills and knowledge learned during the COVID-19 pandemic have provided reassurance and confidence in dealing with this challenge.
"We are very grateful for the support being received, the offers of support from the local authority, other school trusts as well as our school communities who are all pulling together to beat this challenge."
Resorting to manual procedures
Dr. Darren Williams, CEO and Founder of BlackFog told EM360Tech that yet another school has fallen victim to ransomware.
Going ‘back-to-school’ may not only be a source of anxiety for children returning from summer breaks but also for education officials who are faced with more cybersecurity challenges than ever before.
With this, “the shortcomings of the traditional cybersecurity tools many organizations continue to rely on are becoming increasingly apparent.”
“In this instance, all 10 schools in the Blackpool trust have been forced to revert to manual processes as a result of the attack,” he added.
Williams says that unfortunately, education continues to top the ransomware leaderboard, with August depicting a 12% increase over the previous month.
As of now, no cybergang or hacker has publicly claimed responsibility for the ransomware attack in Blackpool. Neither has the public been informed of the demands to regain access to the IT systems.
Usually, the motive of such malicious attacks is to extort money from victims. In this case, it’s still unclear if a ransom was demanded.
Hacking sensitive information
Hacker groups have subjected schools in the past such as in the case of Los Angeles Unified School District (LAUSD) in 2017 where an anonymous cybercriminal/s breached data.
This attack impacted the district, causing widespread disruption and uncertainty for students, parents, and staff.
The hackers gained access to a database comprising sensitive data including Social Security numbers, addresses, and bank account information.
It resulted in the theft of sensitive student and staff data, including names, birth dates, and Social Security numbers.
Such an event prompted organizations to take proactive steps to protect sensitive data.
The LAUSD responded to the 2017 data breach by first notifying the affected individuals. They offered credit monitoring services, conducted a thorough investigation, and strengthened security protocols.
The details of the cyberattack and response measures were not made public, however, we know that the district also worked with law enforcement agencies to identify the perpetrators and prevent future attacks.
Similarly, The Fylde Coast Academy Trust received support from the Department of Education and a cyber security team as well as local authorities, other school trusts, and the school communities
William told EM360Tech that there’s an urgent need for the government to invest in more advanced cybersecurity technologies within this sector.
This would help “keep pace with the rapidly evolving tactics used by attackers and to protect sensitive student data.”