The UK’s National Cyber Security Centre (NCSC) has issued an alert to universities after recording a “significant increase” in ransomware attacks in recent weeks.
NCSC, part of government intelligence organisation GCHQ, issued the guidance in response to the rise in cases seen since late February.
It said that there was “no reason to suspect the same criminal actor has been behind each attack” and that they had “caused varying levels of disruption”, with financial records among the information targeted.
Ransomware is a type of malware?that prevents organisations from accessing their systems or data, with hackers typically demanding payment for recovery of the data, or to prevent its release.
Schools and colleges had seen a similar increase in attacks, NCSC said.
“Any targeting of the education sector by cyber criminals is completely unacceptable,” said Paul Chichester, director of operations at the NCSC.
“This is a growing threat and we strongly encourage schools, colleges and universities to act on our guidance and help ensure their students can continue their education uninterrupted.”
NCSC previously reported an increase in ransomware attacks targeting education institutions across August and September last year.
Steve Kennett, director of e-infrastructure at university sector technology body Jisc, said that the organisation “has been helping many colleges and universities recover from ransomware attacks recently”.
“We have seen what a devastating impact this crime has on the sector. I urge all education and research institutions to act swiftly to ensure their systems and data are robustly protected,” Mr Kennett said.
In a separate development, British police urged students against using the Sci-Hub website to download scientific papers, claiming that many universities “have suffered intrusions as a result of access credentials being stolen when visiting” the site.
“Students should be aware that accessing such websites is illegal, as it hosts stolen intellectual property. Visitors to the site are very vulnerable to having their credentials stolen, which once obtained, are used by Sci-Hub to access further academic journals for free, and continue to pose a threat to intellectual property rights,” said City of London Police’s Police Intellectual Property Crime Unit.
“With more students now studying from home and having more online lectures, it is vital universities prevent students accessing the stolen information on the university network. This will not only prevent the universities from having their own credentials stolen, but also those of their students, and potentially the credentials of other members of the households, if connected to the same internet provider.”
Andrew Pitts, chief executive of research technology firm PSI, said that he knew of 42 UK universities that had been hacked by Sci-Hub after students and staff had personal credentials stolen through phishing.