Blacon High School in Cheshire has become the latest victim of a ransomware attack, forcing the school to close its doors to students for at least two days.
The attack, which occurred on Friday, January 17, has left the school’s IT systems compromised and inaccessible, with cybersecurity experts working to assess the extent of the breach.
Rachel Hudson, the headteacher of Blacon High School, confirmed the incident in a letter to parents and carers.
“We have an independent cybersecurity company working in school to understand exactly what has happened,” Hudson stated.
She added that the school may remain closed for a longer period depending on the findings of the ongoing investigation.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
Ransomware is a type of malware that encrypts files or locks users out of their systems until a ransom is paid. Modern ransomware variants often employ double extortion tactics, where attackers not only encrypt data but also threaten to leak sensitive information unless their demands are met.
These attacks typically infiltrate systems through phishing emails, malicious attachments, or exploiting software vulnerabilities.
The ransomware affecting Blacon High School appears to have disrupted critical systems used for daily operations. While no group has claimed responsibility yet, similar attacks have targeted UK schools in recent years.
Prominent ransomware groups like Vice Society and LockBit have been known to exploit vulnerabilities in educational institutions.
Hudson assured parents that updates would be provided through Parent Pay, social media channels, and the school website as more information becomes available. “We will open as soon as it is safe to do so,” she said.
With phone lines down due to the attack, a temporary contact number has been set up for urgent communications.
Teachers are re-planning lessons and assigning work via Google Classroom for January 20 and 21. Senior staff are also focused on creating alternative systems to ensure the school can operate safely once it reopens.
For students relying on free school meals, arrangements have been made to collect lunches from the school’s reception between 11:00 AM and 1:00 PM during the closure.
In 2024, the education sector worldwide experienced 116 confirmed ransomware attacks, affecting 1.8 million records, with an average ransom demand of $847,000.
Hudson acknowledged the increasing frequency of such attacks, noting, “Unfortunately, cyber-attacks like this are happening more frequently despite having the latest security measures in place.
The school is working closely with cybersecurity professionals to investigate whether any sensitive data was exfiltrated, a common tactic in ransomware attacks known as data exfiltration.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar
A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known…
Researchers observed a sophisticated cyber-espionage campaign led by the Chinese state-sponsored group known as "Salt…
A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen™ Master…
Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. …
A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute…
Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as…