GCSE coursework lost in cyber attack on Bridport school

Sir John Colfox Academy Sir John Colfox AcademySir John Colfox Academy
The Sir John Colfox Academy has about 1,000 pupils

Hackers have used ransomware to encrypt files at a school, causing it to lose some students' GCSE coursework.

The Sir John Colfox Academy in Bridport, Dorset, said a member of staff mistakenly opened an email containing a virus.

The email claimed to be from a colleague at another Dorset school and infected the computer network.

Coursework from one subject submitted by Year 11 students, which was saved on the school' system, has been lost.

Head teacher David Herbert said: "We are liaising with the relevant exam boards about this specific issue."

Mr Herbert added a police expert "has advised us that it is very unlikely that any school information has left the building and we are not compromised in that way".

"Personal data relating to staff, students and parents is not held on this system and is secure," he said.

Presentational grey line

Analysis

by BBC technology reporter Jane Wakefield

Hackers are highly qualified when it comes to finding ways to infect machines and so-called ransomware has become one of the most popular ways for cyber criminals to make money.

In a typical attack, malicious software is installed on a victim's computer - typically via a link that is sent in an email - and will then proceed to encrypt all the files on it.

To get the data back, the victim will be asked to pay a ransom, often in cryptocurrency, within a certain timeframe.

Unfortunately, schools and other public institutions, such as hospitals, have become regular victims because hackers think they will be less likely to have good cyber-practices.

Falling victim can be hugely damaging to reputation - and a school which has lost GCSE coursework as a result of an attack will have some explaining to do to parents and pupils.

All of this could be simply avoided with some straightforward steps. Backing-up data on an external drive, keeping anti-virus software up to date and educating anyone who uses the network to not open unsolicited emails or click on suspicious links.

line

The school in Dorset said specialists were working to try and rectify the issue, which also means Year 9 and 10 reports will be delayed by at least a week.

Technology explained: what is ransomware?

Dorset Police said: "A full investigation is under way into the circumstances and Dorset Police's cyber crime unit is supporting and providing advice to the school."

The force said no money had been exchanged.

Mark Orchison, managing director of technology specialists in education 9ine, said 20% of schools reported they had been a victim of cyber attacks.

'Paid hackers'

He said: "I would say it's actually under-reported... a lot of schools don't realise they have to report each cyber attack, and some don't report them to try and reduce reputational damage.

"Many of them, when you talk about cyber security, don't know what it means; a lot don't budget for it or don't have the money to protect themselves."

He said his team, which carried out tests on cyber security in the education sector, took an average of four hours to take over a school's IT network.

Mr Orchison said he was also aware of a number of schools which had paid thousands of pounds to hackers in ransom demands.