Education Sector in Southern Wales at High Risk of Ransomware Attack

The Regional Cyber Crime Unit (RCCU) for Southern Wales has seen an increase in the number of ransomware attacks affecting educational institutions in our region. Schools, colleges and universities are strongly advised to check their cyber security and resilience policies as a result.
Student using computer

Schools, colleges and universities in the Southern Wales region are being increasingly affected by criminals using ransomware to steal valuable personal data and information.

Ransomware consists of computer viruses that lock files to prevent access to them. This severely affects the day-to-day running of the school / college or university. Imagine not being able to access lesson plans, pupils’ allergy records, or emergency contact details for parents and guardians?

Criminals may send a ransom request – demanding that a fee is paid in order to unlock the files. They may threaten to sell the data in the files if the ransom isn’t paid. They may sell the files even if the ransom is paid. Those files could contain quantities of sensitive data and information including addresses, bank details, medical records and more.

The majority of ransomware attacks are random – the criminals will issue a widespread attack in the hopes that they catch someone out. Often ransomware is installed as the result of human error, a member of staff or a student clicking on a malicious link or an infected file by accident. But some ransomware attacks are targeted – the criminals have identified a vulnerable piece of software and exploit it to gain entry. Once installed, ransomware can spread to all connected devices on a shared network.


The best method of protection is prevention.

Schools / colleges and universities should ensure that the following is implemented (if it isn’t already) and championed from the top down.

  • Make sure that all staff are trained in cyber resilience. Book a training session with an external provider. Tarian RCCU offers training inputs to staff and students, and can test their knowledge with our Not2Phish platform, using mock phishing emails to safely test their awareness.

  • Make sure that a business continuity plan for cyber breaches / attacks exist. This should be created by senior management with an input from all business functions in the school / college / university. Unsure where to start with this? Our trusted partner, The Cyber Resilience Centre for Wales, can assist.

  • Make sure that staff and older students know how to back up their files and have access to a straightforward means of doing so.

  • Check with IT providers to ensure that firewalls and anti-virus software are regularly updated and always active on all devices connected to the networks.

  • Check with IT to ensure that all staff and students have ‘privileged access’ implemented so that they can only access the files and systems they need in order to carry out their role / studies. This will help prevent the spread of ransomware in the instance that they do open an infected link / file.

  • Implement multi-factor authentication on all devices connected to the networks.

  • Implement automatic software updates on all devices connected to the networks.

  • In the event of a live ransomware incident, contact Action Fraud.

“We have seen a rise in the number of reports of schools, colleges and universities in our region experiencing cyber attacks and breaches, and in most of these cases the type of attack was ransomware,” said Detective Sergeant Fran Richards.

“Once an attack has happened it is a matter of damage control, and such events can be distressing and frustrating for the victims. We want to emphasise how important it is to take simple measures to stop criminals from using common methods of entry – such as exploiting human error and software vulnerabilities – thereby stopping an attack before it can happen.”

Do you work for a school / college or university in the Southern Wales region? (This includes South East, South West and Mid-Wales). Want some support with the above? Get in touch with our team on RCCU-Tarian@south-wales.police.uk or use our contact form.

Read another Insight

There has been a recent increase in cyber attacks targeting councils across the UK.

Due to the success of our first wave of recruitment we are now looking to take on more enthusiastic volunteers to support our work in the Regional Cyber Crime Unit.

Online scammers are constantly evolving their attack methods to try and catch potential victims out. Two tactics that are being increasingly reported are the use of Cyrillic letters, and malicious QR codes.