The Department for Education and the National Cyber Security Centre (NCSC) has been made aware of an increasing number of cyber-attacks involving ransomware infections affecting the education sector recently.

It is important that senior leaders in education settings understand the nature of the threat and the potential for ransomware to cause considerable damage to their institutions in terms of lost data (including evidence required to support this year’s teacher assessed grades) and access to critical services.

The information below will support your ongoing cyber security preparedness and mitigation work.

What should I do if I am affected?

  1. Enact your incident management plan
  2. Contact the NCSC
  3. Contact your local law enforcement and Action Fraud
  4. Inform the Department for Education by emailing:

The Department for Education supports the National Crime Agency’s recommendations not to encourage, endorse, or condone the payment of ransom demands.

Payment of ransoms has no guarantee of restoring access or services and will likely result in repeat incidents to educational settings.

It is vital that you urgently review your existing defences and take the necessary steps to protect your networks from cyber-attacks.

Along with your defences, having the ability to restore the systems and recover data from backups is vital. You should ask your IT team or provider to confirm that:

  • they are backing up the right data (including evidence to support this year’s teacher assessed grades)
  • the backups are held offline
  • they have tested that they can restore services and recover data from the backups


Further information and supporting material include:

  1. NCSC Alert on the current cases of ransomware
  2. Ransomware advice and guidance for your IT teams to implement
  3. Offline backups in an online world
  4. Backing up your data
  5. Practical resources to help improve your cyber security