Harris Federation hit by ransomware attack affecting 50 schools

The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday.

Harris Federation is an education charity running 50 Harris primary and secondary academies with 37,000 students from London and surrounding areas.

IT, phone, and email systems are down

The attack hit the school trust's systems over the weekend on Saturday, March 27, and led to the compromise and encryption of Harris Federation's IT systems.

After detecting the attack, the nonprofit also disabled both the email and landline phone systems, with all phone calls being redirected to mobile phones.

Students' devices provided by Harris Federation have also been disabled to block the ransomware from spreading.

"This is a highly sophisticated attack that will have a significant impact on our academies but it will take time to uncover the exact details of what has or has not happened, and to resolve," a statement on the trust's site reads.

Harris Federation is currently working with the National Crime Agency, the National Cyber Security Centre, and a cybersecurity firm to investigate the incident.

"We are at least the fourth multi-academy trust to have been targeted in March," Harris Federation also said, highlighting the escalating number of UK schools getting hit in similar attacks.

The school trust will keep Harris academies open until the end of the current term on Wednesday, March 31.

Attacks against UK schools are escalating

The attack follows an updated alert from the UK's National Cyber Security Centre issued on March 23 warning of an increase in targeted ransomware attacks against education institutions since late February.

This wave of ransomware attacks follows another one that impacted the UK education sector last year, during August and September.

One of the impacted organizations was Newcastle University which got hit by DoppelPaymer ransomware.

Two weeks ago, the FBI issued another advisory regarding increased Pysa ransomware activity targeting educational institutions in the UK and 12 US states.

While there are no official details on who is behind this ransomware attack, sources in the cybersecurity community have told BleepingComputer that it was the REvil ransomware operation, but we have not been able to independently confirm this.

REvil hit computer giant Acer earlier this month and is demanding a $50,000,000 ransom, the largest known ransom to date.

Comments are closed.