Cyber Security News

Ransomware Attack Forces UK Blacon High School to Close Doors for Students

Blacon High School in Cheshire has become the latest victim of a ransomware attack, forcing the school to close its doors to students for at least two days. 

The attack, which occurred on Friday, January 17, has left the school’s IT systems compromised and inaccessible, with cybersecurity experts working to assess the extent of the breach.

Rachel Hudson, the headteacher of Blacon High School, confirmed the incident in a letter to parents and carers. 

“We have an independent cybersecurity company working in school to understand exactly what has happened,” Hudson stated.

She added that the school may remain closed for a longer period depending on the findings of the ongoing investigation.


Ransomware Impact

Ransomware is a type of malware that encrypts files or locks users out of their systems until a ransom is paid. Modern ransomware variants often employ double extortion tactics, where attackers not only encrypt data but also threaten to leak sensitive information unless their demands are met. 

These attacks typically infiltrate systems through phishing emails, malicious attachments, or the exploitation of software vulnerabilities.

The ransomware affecting Blacon High School appears to have disrupted critical systems used for daily operations. While no group has claimed responsibility yet, similar attacks have targeted UK schools in recent years. 

Prominent ransomware groups like Vice Society and LockBit have been known to exploit vulnerabilities in educational institutions.

Hudson assured parents that updates would be provided through Parent Pay, social media channels, and the school website as more information becomes available. “We will open as soon as it is safe to do so,” she said.

With phone lines down due to the attack, a temporary contact number has been set up for urgent communications.

Teachers are re-planning lessons and assigning work via Google Classroom for January 20 and 21. Senior staff are also focused on creating alternative systems to ensure the school can operate safely once it reopens.

For students relying on free school meals, arrangements have been made to collect lunches from the school’s reception between 11:00 AM and 1:00 PM during the closure. 

In 2024, the education sector worldwide experienced 116 confirmed ransomware attacks, affecting 1.8 million records, with an average ransom demand of $847,000.

Hudson acknowledged the increasing frequency of such attacks, noting, “Unfortunately, cyber-attacks like this are happening more frequently despite having the latest security measures in place.”

The school is working closely with cybersecurity professionals to investigate whether any sensitive data was exfiltrated, a common tactic in ransomware attacks.


Kaaviya

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She covers various cybersecurity incidents happening in cyberspace.
