Ransomware thieves are demanding £500,000 after an attack against Wooton Upper School in Bedfordshire, said press reports this week.
The attack, said to be the work of the Hive ransomware group, also affected the Kimberley college for 16-19-year-olds. Both of these organizations are part of the Wootton Academy Trust.
The cyber-criminal group reportedly messaged students and parents, informing them that they had compromised the Trust’s networks several weeks ago. It stole home addresses, bank details, medical records and even students’ psychological reviews.
In an update on Tuesday, the Trust said that the disruption to its operations was limited as it was winding down for the summer break. However, it has affected scheduling for next year, along with the production of some grade sheets. It will retrieve some data from backups, it added, and hopes to resume normal operations within 10 days.
However, the Hive group believes that Wooton has £500,000 in cyber insurance, according to local newspaper Bedford Today. It has threatened to release all of the data unless the Trust pays up.
“We understand there may be concerns about whether any pupil/student data has been impacted. While we don’t have firm answers to these questions at the moment, this is our number one priority of the ongoing investigations,” said the Trust.
Jake Moore, global cybersecurity advisor at ESET and former head of digital forensics at Dorset Police, warned that even though the timing of the attack minimized disruption to the school, the potential release of stolen data was a bigger problem.
“The data potentially stolen could be extremely damaging for the local community, and the next decisions are vital,” he warned, adding that the damage could last for years.
Moore added that local authorities often lack the funds to pay the desired ransoms, suggesting that this might not have been a targeted attack. Instead, it might have been caught up in a broader sweep of vulnerable systems, he concluded.