London’s biggest multi-academy school trust, the Harris Federation, was hit by ransomware, bringing down IT systems, email servers, and phone lines at primary and secondary academies across London.
The incident, which took place on Saturday, March 27, 2021, represents the largest ransomware attack against a UK educational organization known to date.
The Harris Federation, a not-for-profit school trust founded and sponsored by Carpetright CEO Philip Harris, runs 48 schools and educates around 36,000 children every year, or one in every 40 London children.
The attack was discovered on Monday morning when school staff returned to work and couldn’t access internal applications and documents.
The school trust’s IT staff responded by taking down IT systems, including disabling devices it provided to pupils, in order to prevent the ransomware from spreading and encrypting their data as well.
IT staff also preemptively disabled the trust’s email server and phone systems and are now redirecting incoming calls to mobile devices.
Details about how the attackers breached the school’s network are not available, but school officials said in a message posted on the trust’s official website that they are investigating the incident together with a security firm and officials from the UK National Crime Agency and the UK National Cyber Security Centre.
UK schools have been under attack all month
However, the attack should not have come as a surprise, and many security warnings were provided in advance.
The first came on March 16, when the US Federal Bureau of Investigation published an alert about a sudden spike of Pysa ransomware attacks that had hit education institutions in 12 US states and the UK.
On March 23, last week, four days before the Harris attack, the UK National Cyber Security Centre also echoed the FBI’s alert and issued its own warning, revealing that the agency’s security experts have been responding to ransomware attacks targeting schools since late February.
The Harris Federation now becomes the fifth major school trust in the UK to fall victim to a ransomware attack this month after similar incidents were reported by the Nova Education Trust in Nottinghamshire, the Cambridge Meridian Academies Trust and the Inspire Education Group in Peterborough, and the Castle School Education Trust in South Gloucestershire.
Harris officials said they don’t plan to send children home and plan to keep operating and finish the current school term, set to end later this week on Wednesday, March 31.