Colleges and schools on the Isle of Wight have had their data encrypted after the umbrella organisation that runs them suffered a ransomware attack.
Websites for Medina College, Carisbrooke College, the Island Sixth Form, and the Isle of Wight of Education Federation have been offline for almost a week.
What is ransomware? Is this the end of the road for ransomware? What is Maze ransomware?
The Isle of Wight of Education Federation, which runs three schools, said its IT systems were compromised between 28 and 29 July leading to fears it could result in delays to the start of the new school term in September.
"We are working with officers from the police cyber crime unit to pursue the cyber criminals and understand the full impact of the attack," the federation said. "There are obviously some significant implications of this, which we are managing and will take measures to secure our systems even further in the future.
"We are working with the local Police and Authority, Department for Education, Cyber support and various ICT system providers to move this forward and ensure that necessary and appropriate systems are in place for the new academic year."
Ransomware attacks have plagued UK education institutions throughout the 2020/21 academic year, with similar incidents affecting universities in Newcastle, Northampton, and London. However, the attacks on the Isle of Wight occurred out of term time, which suggests the attack is targeted, according to ESET security specialist Jake Moore.
RELATED RESOURCE
How to reduce the risk of phishing and ransomware
Top security concerns and tips for mitigation
"It dramatically highlights the importance of having the correct and robust backup measures in place regardless of how much it costs to make it strong enough to withstand a standard attack," Moore told IT Pro. "Councils, schools, and other local government agencies often lack funding and consequently may not have the strongest network protection which makes them soft targets for those looking to exploit any weaknesses. However, due to very rarely ever paying ransom demands, it is likely that the very fact they often have weaker security means they are unintentionally caught up in a net of ransomware."
In response to the attack, Lanesend Primary school announced that its pupils will start their new academic year three days later than planned.
-
Dell Technologies World 2025 – all the news and updates live from Las VegasKeep up to date with all the news and announcements from Day One of Dell Technologies' annual conference
-
Un changement ciblé vers les services fournis par des partenaires génère de nouvelles opportunités avec BroadcomBroadcom investit dans les services professionnels — fournis par des partenaires — pour assurer le succès à long terme des clients
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
-
Alleged LockBit developer extradited to the USNews A Russian-Israeli man has been extradited to the US amid accusations of being a key LockBit ransomware developer.
-
February was the worst month on record for ransomware attacks – and one threat group had a field day
News February 2025 was the worst month on record for the number of ransomware attacks, according to new research from Bitdefender.
-
CISA issues warning over Medusa ransomware after 300 victims from critical sectors impactedNews The Medusa ransomware as a Service operation compromised twice as many organizations at the start of 2025 compared to 2024
