Peterborough schools and college hit by ransomware attack

Cambridge Meridian Academies Trust - which runs the Nene Park Academy and West Town Primary Academy in Peterborough, as well as a number of other schools across Cambridgeshire, spotted the attack last week.

The Inspire Education Group - which runs Peterborough College and University Centre Peterborough - was also hit.

A spokesman for the trust said no personal data had been accessed as a result of the attack.

The spokesman said: “Our IT team identified ransomware within our network on Friday 12th March and we acted quickly to keep any disruption to a minimum for our students and staff.

“All our schools have been open as normal this week. Thanks to the hard work of our team, our core IT services were restored quickly and the majority of other services have been restored or will be ready for the start of next week. We have been very grateful for the support and patience of staff, parents and students whilst this work was undertaken.

“This matter was immediately reported to the Government’s National Cyber Security Centre as is routine in this situation. We do not believe that any sensitive or personal information has been accessed. Parents and students should check their school’s website for further details.”

A spokesman for the Inspire Education Group said: "On Monday 15 March Inspire Education Group was subject to a concerted ransomware cyberattack, initiated overseas. This is entirely based at the Peterborough campus and has impacted Peterborough College and University Centre Peterborough only. This appears to be part of a succession of cyberattacks in UK education institutions.

"A ransomware attack encrypts and ‘locks’ systems and data and then the organised criminals demand a substantial ransom for the decryption key and for the systems to be released. We are aware that cyberattacks have been on the increase within the education sector for some time and as a result have a managed cyber security response service which enabled us to catch the attack early. Nevertheless, there will continue to be an impact in the weeks ahead.

"Our IT Team have been working around the clock with our Cybersecurity Managed Threat Response team at Sophos (our managed service provider) to limit the impact as much as we possibly can. We have reported the attack to all relevant organisations including the National Cyber Security Centre, Education Skills Funding Agency (ESFA), Office for Students (HE regulator), Action Fraud, and our insurers.

"There is no evidence at all of a data breach / data extraction, but we are notifying the Information Commissioner’s Office in any case.

"We have been able to mitigate the situation to some extent, in that the encryption only reached part of our systems before we were able to shut down the attack. The attack has now ceased and we are developing our recovery plan. However, we are likely to be without many of our internally hosted systems over the next 2-3 weeks as we rebuild them using safe backups.

"We are working hard to minimise the impact on our students. All cloud based systems are working as normal and teaching and learning therefore remains largely unaffected as we use Google Education and Canvas, both of which are fully operational and functioning. Advice for students is available on our Essential Information for Students page.

"Should students, parents, employer partners or stakeholders have any questions or concerns please raise these with your tutor or usual point of contact who will either answer your query or escalate."

A spokesman for the National Cyber Security Centre (NCSC) said: "We are working with Cambridge Meridian Academies Trust and law enforcement partners to fully understand the impact of this incident.

"The trust has said that core services will be fully restored over the coming days and that it does not believe personal information has been accessed.

"The NCSC works closely with the education sector and we have published guidance on how to defend against ransomware attacks."