Surviving a Ransomware Attack

In November 2020, Newcastle Grammar School experienced the devastating effect of a ransomware attack. The attack affected all IT systems, compromising the sensitive data of over 900 students and staff, despite the school conducting a cyber assessment three months earlier. The attackers, including their operating systems, encrypted most of the servers. The attackers demanded a ransom of $1 million in cryptocurrency. However, with the help of their IT staff and their Cyber Insurance broker - Aon, they were able to successfully re-establish their systems over five weeks and avoided paying the ransom.

Impacts

• Brand and reputation: Newcastle Grammar School suddenly became front-page news for all the wrong reasons. Managing communications with the school community, including students, parents, staff, and the media, became a “full-time job.”

• Data loss: Permanent and temporary loss of sensitive information such as staff financial records, photographs, and documentation were just some of the immediate data compromises that impacted the school. Contacting parents to request students stay at home was made incredibly difficult, with access to get information no longer available.

• Staff and student morale: In addition to the pressure already felt by an exhausting pandemic year, students could not attend school as all systems were rendered inoperable, and staff had to re-write all end-of-year exams and reports.

• Exposing vulnerabilities in risk management: A significant cost and time investment was required to recover and rebuild vulnerable systems.