Cyber security centre warns UK universities and colleges following rise in ransomware attacks

The National Cyber Security Centre has provided updated guidance to academic institutions following a timed rise in ransomware attacks

An alert has been issued with additional guidance as NCSC anticipates further disruption to universities’ security systems.

The National Cyber Security Centre (NCSC) has stepped up its support for the academic sector and urged universities and colleges to back up their data and store it offline as cyber criminals take advantage of weaknesses in digital infrastructure following the disruption caused by COVID-19.

The alert follows a spree of cyber-attacks in August, most notably was the ransomware attack on the University of Newcastle in which the threat group “DoppelPaymer” posted stolen data online.

The attacks varied in disruption due to the differing levels of security in place in the institutions, but the attack on the University of Newcastle is expected to take “a number of weeks” to mitigate, according to a spokesperson at the university. 

Criminals typically encrypt computer networks and then leak stolen documents online to pressure victims into paying up.

NCSC operations director Paul Chichester said: “While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.”

David Corke, director of education and skills policy at the Association of Colleges, said:

“As the last six months have shown us, it has never been more important for colleges to have the right digital infrastructure in order to be able to protect their systems and keep learning happening, whatever the circumstance.

“This needs a whole college approach and for a focus wider than just systems, it needs to include supporting leaders, teachers and students to recognise threats, mitigate against them, and act decisively when something goes wrong.”

The NCSC is working with the university body to deliver “robust guidance” on cyber-security, due to be published this academic year. 


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.