Education, Ransomware and Tips to Prevent You Falling Victim

For some time now, cybercriminals have been focusing on the Education sector and have had recent successes infiltrating two universities, causing disruption and stress.


The latest incident saw Newcastle University held to ransom after a hack let criminals into the systems in early September. The incident, on the 4th of September, shut down several key systems. The group behind the attack was ‘DoppelPaymer’, a group also linked with high-profile attacks on Tesla and SpaceX.


As part of the attack, the DoppelPaymer group took to social media to demand payment and raise awareness of the breach. This is a new approach that adds pressure and potential reputation damage for the victims, to encourage settlement of the ransom.


Whether you are a university or a commercial business, an attack of this nature can have far-reaching consequences, from recovery and getting systems back online through to reputation damage and the Information Commissioner’s Office.


The event in Newcastle follows a recent incident affecting Northumbria University that resulted in the cancellation of exams and shutting down of its student clearing hotline. 


Peter Francis, deputy Vice-Chancellor, said the university had been experiencing an ongoing IT issue which caused “significant operational disruption” and it was found there had been “a cyber incident”.


Home to 26000 students, the university said investigations were in their early stages, and they were working to recover systems and services to minimise impact to students. 



Who are DoppelPaymer 


Whilst ransomware attacks have traditionally been used to encrypt and lock file access (typical ransomware), this group (DoppelPaymer) is also using the hacked data as collateral and leverage to force payments from victims.


It is understood that this new tactic, of not just stealing the victim’s data but threatening to publish or sell it if a ransom is not paid, started earlier this year.



Why is Education Being Targeted


Whilst Education is being targeted, the wider business fraternity remains a key revenue generator for cybercriminals. In a recent study, it was estimated that the global cybercrime economy is now worth a staggering $1.5 trillion.


The Education sector has been a key focus for cybercriminals for some time, and for good reason. Educational establishments, whether Primary, Secondary or Higher, hold a lot of valuable intellectual and personal data.

Most institutions also have lots of users accessing systems, which means lots of potential opportunities for criminals to obtain credentials and use them to gain access to systems.


Also, for many years there was underinvestment in, and a lack of understanding around, data and cybersecurity. This has left some institutions exposed and easy targets for those with malicious intent.


Cybercrime and attacks like those affecting Newcastle University are now commonplace and will be part of the everyday challenges that IT departments and organisations face in combatting cybercrime. Experts predict that Education will continue to be a target in future, and establishments need to ensure they are taking all necessary steps to mitigate risk and protect systems and data.


Preventing Cyber Attacks 


Firstly, an important fact is that no organisation can protect itself completely. There are too many variables, and that’s without throwing humans into the mix. These humans increase the chances of something going awry exponentially.


Don’t panic: there are a few things that can be done to quickly reduce your risk exposure and help firm up your security practices.


Passwords Policy and Process

Look to implement and apply stringent policies on passwords and user access and make sure these are adhered to and enforced.

Multi-Factor Authentication 

Where possible, add layers of protection such as 2FA. These are not easily hacked by criminals and deliver additional protection to software and systems.

Next Generation Perimeter Security

Security, like an onion, has layers. Next-generation perimeter technology that looks for threats to your network and guards against intrusion is a must-have.

Keep Systems Updated

It only takes one unpatched device to allow access to the whole network, and it is therefore important that all hardware and software updates are installed. Do not run end-of-life software, as this is a hacker’s green light and will be a breach of GDPR data laws.

Detection Tools 

Look to monitor the network and/or user behaviours to identify any signs of infection or unusual activity. Spotting unusual activity can help you quickly isolate attacks.

Secure Mobile Devices 

Mobile phones and devices are often overlooked, as phones are usually not considered a threat to the network. These can provide gateway access for attackers. You need to protect mobile devices that connect to the network to prevent unauthorised access to systems.


Where possible, use advanced encryption. Look to encrypt files at rest and in motion.


Should the worst happen, ensure that you have recoverable data that can get you back up and running. If data gets erased or corrupted through an attack, you need to be able to recover it quickly, as every minute of downtime comes at a high cost.


A key line of defence is to educate ourselves on the ever-changing attack vectors that we as human beings need to be aware of. Criminals are becoming smarter, exploiting our already busy lives and using tactics such as phishing attacks to gain access to networks through employees. Through continuous education we can ensure our end users know what to look for, or are at least able to stop and question when something does not look right.


We hope you found this blog of use and if you would like to review your current security standards or ask a question of our security experts, please get in touch.