Lancaster Royal Grammar School has been the target of a serious cyber attack. The attack happened on July 16, just before the summer holidays, after the school’s IT department noticed something unusual. Pupil databases, safeguarding, or finance systems were not affected.
The school shut the system down, got advice from cyber experts, then rebuilt it from scratch over the summer holidays with added security, resulting in no lasting damage. The attack appeared to be by a professional group, who had asked for a ransom. The school did not interact with any demands.
Other schools in the Fylde area were affected by similar ransomware attacks. Mohammed Patel, from the cyber security firm Check Point, said: “The ransomware attack on Lancaster Royal Grammar School is a stark reminder of the escalating cybersecurity challenges faced by the education sector. Unfortunately, this isn’t an isolated incident.
In recent months, we’ve seen multiple schools targeted, including a significant ransomware attack on the Fylde Coast Academy Trust in September 2024, affecting 10 schools and forcing them to revert to manual processes. Similarly, other schools have faced similar attacks, with some being locked out of their own systems for extended periods. Ransomware, in particular, is not just a threat to schools but is one of the top threats to organisations across the UK.
To seriously address this, the education sector urgently needs to focus on proven cybersecurity solutions and strategies.”
Staff at Lancaster Royal Grammar School spent the summer holidays rebuilding the entire IT system after a cyber attack forced them to shut it down. The incident occurred on 16 July when the IT department “noticed something peculiar on the system,” according to head Dr. Christopher Pyle.
Fortunately, none of the most sensitive systems, such as pupil databases, safeguarding, or finance, were affected, but it was still a significant disruption, Dr. Pyle said. “It happened the day before the school broke up for the summer holidays, so to the pupils’ amazement, they broke up a day early.
Fortunately, it had virtually no impact on them,” Dr. Pyle noted. The IT team initially noticed something peculiar and started to shut down parts of the system.
Cybersecurity measures in education
After a few hours, they realized the situation was more serious and appeared to be a deliberate attack, prompting them to shut the entire system down. The school contacted their cyber insurance policy staff who were “excellent,” and within an hour, experts were on a call providing advice.
The entire system was “rebuilt from scratch with added security,” Dr. Pyle said, adding that fortunately, there was no lasting damage. He mentioned that the attack “appeared to be a professional group” and that they received information indicating a ransom demand.
However, the school did not interact with any demands and remains uncertain about the identity of the attackers. Ten schools across the Fylde Coast were also affected by similar ransomware attacks earlier this month. The incident has highlighted the importance of robust cybersecurity measures in educational institutions to protect against such malicious activities.
Schools across Lancashire have been hit by a cyber attack that has affected the majority of their computer systems, the CEO of Fylde Coast Academy Trust has confirmed. Dean Logan said the Blackpool trust had been subjected to ransomware, which infected the organisation’s IT infrastructure and resulted in limited accessibility to systems. It is not known if the ransomware, a form of malicious software that encrypts files, was used to demand cash from schools or academies belonging to the trust. Mr.
Logan noted that it would take several days to understand the full impact and restore services to the schools. All ten of the trust’s academies, including Blackpool’s Aspire, Montgomery, and Unity high schools, as well as several primary schools, appear to have been affected. They have all reverted to non-IT-based processes.
Phone lines have also been impaired following the incident. Mr. Logan advised parents and carers to contact schools only when necessary. Within hours of the attack, the trust received support from the Department of Education and a cybersecurity team.
Restoration of key services is expected next week, but full restoration may take several weeks to ensure the ransomware is completely removed. Mr. Logan emphasized the importance of providing high-quality care and education for pupils during the recovery period. “Leaders, teachers, support staff, and pupils have responded very positively and with resilience,” he said.
“The skills and knowledge learnt during the Covid-19 pandemic have provided reassurance and confidence in dealing with this challenge. We are very grateful for the support from the local authority, other school trusts, and our school communities who are all pulling together to overcome this challenge.”
Restoration efforts continue as the trust works to bring all affected systems back online.
