Cyber security experts have warned teachers not to open links or attachments on laptops or smartphones connected to a school’s network, in case the message is fraudulent.

The education technology charity South West Grid for Learning says “more and more schools” are being hit by ransomware viruses, which encrypt sensitive data before hackers demand payment to retrieve it.

“Tens of schools” in the southwest had been affected over the past year, with some paying thousands of pounds to hackers, said Ken Corish, online safety director at the charity.

In one case, a school left an affected PC running for five days before alerting its local authority, enabling the virus to spread throughout its computer system.

“It’s like a cold virus. It doesn’t target schools specifically, it takes the opportunity where defences are weak,” Corish said.

Steve Proffitt, deputy head of Action Fraud, the national cybercrime reporting centre, told Schools Week the hackers were likely to morph the ransomware and attack again.

“Schools using old Windows systems are incredibly vulnerable.

“If systems are susceptible, the virus could go into your finance details and empty your budget for the year,” said Proffitt.

Schools Week has previously reported that hackers have demanded up to £8,000 from targeted headteachers for sensitive data to be recovered.

Corish and Proffitt recommended several steps schools should take to protect themselves from ransomware attacks:

  • Schools should have a data protection strategy, with sensitive data backed up daily off-site or in the cloud, and all other data backed up weekly. This would allow data to be recovered without payment if there were a ransomware attack.
  • Staff should not open links or attachments in emails or texts on phones or laptops connected to the school’s system, even if they recognise the sender. Unless an email with an attachment or link was expected, “ring the sender and check they sent it”.
  • Anti-virus and anti-malware software and all other systems should be up to date. Ransomware-specific protection is available as a bolt-on to anti-virus software for as little as £4 for each device for a year. School-specific disaster recovery insurance for £25 a year would cover £12,000 of costs.

School staff should also be trained to spot the signs of a ransomware attack, including a computer becoming unusable or data disappearing. A “splash screen” will also pop up demanding a ransom – often for bitcoins – to have sensitive data returned unencrypted.

A school’s ‘hack plan’ should be to immediately cut off the “infected” computer from the network and call Action Fraud, its local authority or central academy trust.

If a personal data breach has occurred, schools should inform the Information Commissioner’s Office and alert parents.