Ransomware gang attempts to extort UK school by posting files about at-risk children

The Vice Society ransomware group claimed on Thursday to have stolen sensitive data from Guildford County School, the latest British educational establishment it has victimized.

The Record has observed hundreds of files, apparently stolen from the school on January 19, posted to the criminal group’s leak site. Several have filenames suggesting they contain safeguarding reports — sensitive internal documents teachers write to record information about at-risk students.

As of publication the school has not responded to The Record’s enquiries regarding whether it was proactively informing staff and students that their information was being published online.

Last week the specialist music academy confirmed that a cyberattack was responsible for knocking out its phone lines and impacting the school’s IT systems.

While a spokesperson said “excellent progress” was being made “towards a full restoration of systems” a notice on the school website as of Thursday still describes its phones as down.

The extent of the breach was not described in the initial statement, which said the school was “being supported by a professional team and has taken immediate remedial action to limit data loss.”

It confirmed that it was in contact with the UK’s data protection regulator “in line with statutory requirements.”

At the time of its initial announcement, the school, which has over 1,000 students, did not describe the nature of the attack. Its headteacher Steve Smith said the incident would “not impact upon learning.”

The school said it “detected a cyber-intrusion into its network on January 19 which affected the school IT systems, The school remains open to all students and the delivery of lessons continues, drawing upon the significant skill and experience of all staff members.”

Vice Society has been behind a spate of ransomware attacks targeting educational establishments in Britain and around the world. The criminals extort their victims by stealing sensitive data and threatening to release it unless a ransom is paid.

Earlier this month the BBC reported that highly confidential data stolen from 14 schools in the U.K. had recently been published by the group. In several situations the schools did not inform students and staff that their data had been published on the leak site.

The National Cyber Security Centre published an alert in June 2021 warning of “an increased number of ransomware attacks affecting education establishments in the UK, including schools, colleges, and universities.” 

Ransomware attacks have also been a widespread problem for U.S. educational institutions, including recent incidents in the Los Angeles Unified School District and systems in Iowa and Massachusetts.

The NCSC has continued to reference an increase in attacks as recently as this month when it published a survey finding that, despite the threat continuing, schools were becoming “better prepared” for cyberattacks.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.