The Harris Foundation, a U.K. education charity organization that runs 50 schools has been struck by a ransomware attack that has seen its systems taken offline.

The ransomware attack hit the foundation on Saturday and according to the U.K. press today put “nearly 40,000 pupils at risk.”

The form of ransomware and whether data was stolen was not disclosed. The Harris Foundation described the attack as being “highly sophisticated” that “will have a significant impact on our academies.” Along with hiring a cybersecurity firm, the foundation has also alerted and is working with authorities, specifically the U.K. National Crime Agency and the U.K. National Cyber Security Center.

The schools run by the foundation remain open although their email and telephone systems remain offline as a precautionary measure.

“We know that some families will have important individual concerns around data and that in these cases you will want to know more about the nature of the attack,” the Harris Foundation said in a statement. “Because we do not want to risk providing incorrect information, we will communicate further once we have clarity and liaise as appropriate with the Information Commissioner’s Office.”

The attack targeting the Harris Foundation came after the U.K. National Cyber Security Center issued a warning on March 23 that the education sector was being targeted by ransomware attacks.

“Ransomware is a highly profitable and virtually riskless criminals’ business. Usage of simple technical precautions and payments in cryptocurrencies make most of the ransomware campaigns technically uninvestigable and bolsters impunity,” Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, told SiliconANGLE. “Cybercriminals are shrewd and pragmatic, and will deliberately launch attacks on the most vulnerable victims including schools and colleges.”

Unlike large universities, which can afford spending considerable budgets on cybersecurity, Kolochenko added, primary schools often struggle to get budgets even for the very foundational security controls, let alone advance cyber defense solutions.

“Worse, such victims commonly have no choice but to pay the ransom from modest school funds, leaving no money for other activities,” he said. “Government should urgently intervene with cyber training, financial and technical support in the U.K. educational sector. For example, when buying security software, a volume-discount for all schools in the U.K. could be huge and make even premium security products affordable.”

Photo: Biggibible/Wikimedia Commons