Sixth-form slammed for paying £1,500 ransom to cyber attackers

Sixth-form college is slammed for paying £1,500 ransom to cyber attackers who wiped students’ vital coursework just weeks before their exams

  • Forensic expert branded Durham Sixth Form Centre decision to pay ‘madness’ 
  • WannaCry attack also hit the NHS as well as the Nissan car plant in Sunderland 
  • After sixth form paid up, only coursework from certain pupils was recovered

A school that paid a £1,500 ransom when they were hit by a cyber attack in the run-up to exams has been slammed after only some of its pupils’ work was recovered.

Cyber crime expert Phil Butler branded the decision to pay up ‘madness’ after students at Durham Sixth Form Centre lost valuable work when the computerswere targeted by ransomware shortly before the exam period last Spring.

An investigation has revealed the school paid a ransom of £1,500 after a computer virus encrypted files which contained student’s work during the WannaCry attack, which the UK and US blamed on North Korea in December.

A forensic officer branded the decision to pay up ‘madness’ after the attack hit the NHS in what the UK and US said was a hit masterminded by North Korea 

The payment, to a third party, was approved by the school’s Chair of Governors Dennis Southwell.

The cyber attack, which occurred at the end of April last year, left teachers and pupils unable to access work.

Only some of the student’s work was recovered. Phil Butler, former police officer and cyber crime expect at Roxburgh Forensics, said submitting to the ransom left the school vulnerable and pointed out that both the UK and US blamed North Korea for the attack.

‘It’s madness really to start paying out to criminals who claim to have hacked your system because you’re exposing yourself to a whole world of pain,’ he said.

‘Essentially you are becoming an easy target for future attacks. And not only that, your encouraging further criminality you’re actually facilitating potential money laundering and it’s just madness essentially.

‘That is why the police would never recommend that anyone should pay out and there’s a number of things you can do.

‘It’s understandable that people essentially would emotionally think “what on earth can we do” and maybe panic but actually it’s a time for calm heads in a situation like this.’

The NHS was also hit during the attack and Mr Butler said that coughing up opens institutions up to a ‘world of pain’ 

Phil said he would be ‘very surprised’ if the amount paid out by the school was just £1,500.

‘I know anecdotally that other companies have paid out on occasions and to be fair never got anywhere, like the school, the school obviously never recovered its data, and those were in the figure of £30-£60,000.’

He said businesses, students and those using a computer at home should be backing up work, keeping software and anti-virus up to date and not installing software from unknown origins.

‘We weren’t on this occasion dealing with computer nerds sitting in a dark bedroom somewhere,’ he said. ‘This is a state-sponsored attack, the Americans believe. The Department of Homeland Security believe it was actually North Korea behind this particular attack.

‘It was a state-sponsored terrorist attack upon the western world essentially. So it wasn’t just the school that was affected, it was a number of businesses, NHS and as you’ve heard Nissan etc. It was a real serious attack this.’

Durham Six Form student Tommy believes he received a lower grade in his AS Level IT as his final pieces of coursework were never recovered following the attack.

He has since left Durham Sixth Form to effectively start over with a different qualification at a college.

‘When I got back after half term, this is when I learned about that over the half-term they got held to ransom, obviously all the work’s been lost,’ he said.

‘At this point we hadn’t had anything back yet so it was about a week where we just didn’t have a network at all, and then the next week we got it back but it was encrypted so none of us could access any of it so it was basically still all gone.

The attack was blamed on North Korea and also affected the NHS as well as Sunderland’s Nissan plant (pictured, North Korean dictator Kim Jong-Un)

‘We tried to decrypt it but they were never able to so basically all the IT coursework I left over there to get marked was gone so I didn’t really get the marks which I’d actually done work for.’

Another student Lewis, who was just about to take his A Levels when it happened, was able to recover his coursework and has since gone to university.

‘We came back from the Easter holidays and the WiFi wasn’t working and they said: “You can’t go on the computers their down at the moment”‘, he said.

‘A few days past and rumours started going around saying we’ve been hacked and they have took all of our files, which was quite alarming considering the fact I took lots of subjects where literally all my work was on the computers.

‘I was like am I going to be able to get my work back, am I going to be able to finish my work properly before the exams.

‘It was still a bit weird not having half of your work that you have worked on for the whole year not on you, especially at exam season as well.’

In May last year malicious software locked up thousands of computers all over the world.

The NHS became the victim of a cyber attack and thousands of operations were cancelled. Nissan’s plant in Sunderland was also targeted.


Source: Read Full Article