Frances King School of English Targeted by Vice Society in a Ransomware Attack

Frances King School of English, a premier institution for English language learning established in 1973, recently fell victim to a ransomware attack orchestrated by the Vice Society group. This incident was part of a broader offensive that compromised 14 UK schools, resulting in the unauthorized disclosure of sensitive information. This included details on children's special educational needs (SEN), passport scans, staff pay scales, and contract specifics, all of which were subsequently leaked online.

The school, with operations in London and Dublin, is renowned for its English language courses tailored to the individual needs of each student, with a particular emphasis on spoken English and communication skills. Its teaching methodologies, which prioritize speaking, are delivered through fully accredited institutions in both cities.

The Growing Threat to the Education Sector

The education sector has increasingly become a prime target for cybercriminals, attributed to the vast amounts of sensitive data maintained within school and university systems. Recent years have seen a surge in ransomware attacks against educational institutions, with 56% of lower education and 64% of higher education entities reporting incidents in the last year alone.

Vice Society, a ransomware syndicate known for its Russian-speaking members, has been particularly notorious for its assaults on public schools across various countries, including the US and UK. The group employs a double extortion strategy, compelling victims to pay a ransom under the threat of public data exposure.

Implications of the Attack

The ramifications of such cyberattacks are profound, extending beyond the immediate loss of sensitive data. The information compromised in these breaches can be exploited for financial fraud, identity theft, and potentially human trafficking. In response to the Vice Society's demands, the affected schools have adhered to the guidance of both the National Cyber Security Centre (NCSC) and the Information Commissioner's Office (ICO), opting not to pay the ransom.

In light of these events, the imperative for robust cybersecurity measures has never been clearer, particularly with the shift towards remote learning. There is a pressing need for governmental investment in the cybersecurity infrastructure of the education sector to safeguard the wellbeing of individuals and ensure the continuity of secure, productive, and user-friendly educational experiences.

Sources

• Frances King
• 14 UK Schools suffer Cyber Attack and Student Data Breach - TecSec
• Vice Society cyber gang targeted multiple UK schools