Education Planning Group: Cyber security warning

Would you like to view this email in a web page? Click here

Urgent cyber security advice from the North West Regional Organised Crime Unit

There has been a spate of ransomware attacks across the region, and now expanding nationally, that have been specifically targeted the education sector (all levels).  The ransomware itself is capable of encrypting data AND backups kept on the network.

The following precautions are strongly recommended:

  • Make an offline/isolated backup of your business critical data as the ransomware is capable of finding network backups and encrypting them.
  • Close any ports that are open unnecessarily or are vulnerable, specifically (but not exclusively) RDP Ports.
  • Ensure there are strong passwords on admin and service accounts or accounts with increased privileges. Any default system accounts should also be checked.
  • Ensure your operating system, software and applications are up to date (specifically Anti-Virus)
  • Enable lockout thresholds for user account login attempts to defend against brute force attacks

Anyone who thinks they may have been subject to a ransomware attack, should contact Action Fraud ( or 0300 123 2040).


In addition, please find links below to a set of guides outlining some simple steps you can take to strengthen your cyber security.  These can be circulated across your establishments as you see fit.