ransomware attack

At least one Isle of Wight school victim of ransomware attack

At least one school on the Isle of Wight has become victim to a ransomware attack.

The Isle of Wight council legal services department has emailed a warning to all schools, providing guidance on what they should do to protect themselves.

It’s not clear from the email whether the un-named school has been affected by the most recent ransomeware attack – Petya (NotPetya) malware – or whether it was due to recent Wannacry or other circulating ransomware, but police are investigating (see IWC update below).

Advice lacking
Given the recent ransomware attacks, it’s somewhat surprising to see the council has not suggested schools update their MS Windows servers and computers.

Their email reads:

There has recently been a ransomware attack on an Island school resulting in considerable disruption, cost, temporary data loss, possible data protection issues and a criminal investigation.

The purpose of this email is to highlight the risks to all schools with their own IT providers who may or may not have the capacity to deal with such an incident. Alongside the obvious disruption there is course a corporate risk to the Council in terms of reputation and responsibility for the education of island children.

The Police are currently involved to establish whether the attack was malicious. Whether it is or not the effect to the school is the same. I would urge every school to make sure appropriate business continuity plans are in place for this type of situation.

Guidelines,

  • Back up your servers. Make sure you have an onsite facility and also an offsite facility in the form of external hard drives etc.
  • Make sure you have an IT policy for the school which contains rules on the use of personal memory sticks and devices
  • Be aware of what your staff are doing and what they are using on school hardware
  • Make sure you specify well when procuring systems
  • Risk assess how you will deal with a loss of data and how it impacts on the day to day running of the school
  • Don’t cut cost on support from your provider

Blunt response from IWC
OnTheWight wrote to the IWC with a series of questions this morning. It took six and a half hours to get a response, but here is their reply.

1. Which school was affected by the ransomware attack?

Unable to answer as IWC is not the IT provider to schools.

It would be very surprising for the IWC to have been informed of a ransomware attack and not know which school it was. Is that really the case?

2. Was it the Petya (NotPetya) malware? If not, which?

Unable to answer as IWC is not the IT provider to schools.

Again, it would be pretty surprising to have been informed of an attack and for the IWC to not be advised what the attack was.

3. Why did the email to schools come from legal services (and not IT Dept)?

The email was sent out regarding information assurance. IWC is not the IT provider to schools – schools buy in their own IT contracts and should follow the advice given by their own providers but should anything adverse happen, then the council has liability, hence why the email came from legal services, which deals with insurance claims and risk.

If the reason for the email was to protect from insurance claims and risk, making sure data held by school was protected from ransomware attacks and encryption would surely have been a priority – not simply advising schools to back up their data.

4. Is there a reason why IWC have not advised schools to update servers and computers with MS Windows security patches?

As IWC is not the IT provider for schools, it cannot provide advice/ guidance as providers will vary from school to school and may offer differing advice.

It’s jolly marvellous to know that after our article was published, the officer from Legal Services did email all schools again, this time suggesting they “make sure the latest Windows Updates and Anti-Virus updates are installed”. Well done!

Article edit
16.30 response from IWC to questions added.

Image: christiaancolen under CC BY 2.0