Schools Are New Target For Ransom Virus



Schools in the UK are being targeted by a new wave of viral computer ransom attacks encrypting all their financial and pupil records. They are being told that the quicker they respond and pay the ransom, the less they will be forced to pay.

Staff at St. Gregory the Great Catholic School in Oxford found that all of their files were encrypted on Monday and realised it was a ransom attack when they checked a Read Me file that was lodged in amongst other unreadable files.

The ransom virus was identified as ‘Aleta’, a form of malware that is mostly spread through remote desktop access protocols. This occurred despite the schools extensive use of popular anti-virus software.

Cyber criminals seek to compromise admin' accounts that have the right to control organization network remotely, and if they succeed to infect them, they can easily take over the target system and infect all devices with ransomware.



The virus hit the school’s finance server on the Saturday before and completely disabled all files relating to the SIMs software – the ubiquitous software that manages all school financial and pupil performance records.

Staff at the school decided that they would not give in to the ransomer’s demands or make any contact with them. It took them two days to fully restore the system by reinstating backed up files on a re-configured server.

Rodger Caseby, Vice Principal at the school said: “This is what a critical incident plan is for! It's essential to have a plan in place to cover the network going down - for example hard copy contact details for pupils. And it pays to back up your network. A regular backup protocol meant that we could restore our systems and suffered only minimal loss of data.

“We were fortunate in having an ICT team in house with the expertise to deal with this situation. Not all schools have this”.

Howard Sharron

July 2017

School Leadership Today