Schools were locked out of systems, councillor points to multi-academy chain.
A ransomware attack affected 11 Shropshire schools and led to "pupils being unable to submit coursework for several weeks.
According to media reports, West Mercia Police and Crime Panel said its cyber unit had supported several high-impact investigations, including the ransomware attack affecting 11 schools.
A "sensitive case involving AI-generated imagery at two schools" and cryptocurrency related matters were also dealt with, according to notes from a meeting of the panel, and reported by BBC News.
Bagley councillor Benedict Jephcott said it was connected to a multi-academy chain and may not have happened if it had "not enforced integration across sites."
Disconnecting Equipment
One large secondary school did not have a single working printer due to the attack, stated the councillor, who believed that disconnecting equipment could be a way to stop the issues.
Adam Boynton, senior security strategy manager EMEIA at Jamf, said the attack against schools in Shropshire mirrors a trend we’re seeing – cyber-criminals targeting school systems that affect students nearing their GCSEs and A-levels. “Missing coursework deadlines would have been highly stressful for students and teachers, especially given it often reflects months of work that can shape future education and career paths,” he said.
“As schools adopt more devices, move services online, and spend more time connected, they become incr
Source: https://insight.scmagazineuk.com/schools-hit-by-ransomware-locked-out-for-three-months
TPRM report: https://www.rankiteo.com/company/the-rainbow-multi-academy-trust
"id": "the1764338785",
"linkid": "the-rainbow-multi-academy-trust",
"type": "Ransomware",
"date": "2025-11-28T00:00:00.000Z",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'incident': {'affected_entities': [{'customers_affected': 'students, '
'teachers, staff '
'(exact number '
'unspecified)',
'industry': 'education',
'location': 'Shropshire, UK',
'name': '11 Shropshire Schools '
'(Multi-Academy Chain)',
'size': None,
'type': 'educational institution'}],
'data_breach': {'data_encryption': 'yes (ransomware)',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'description': 'A ransomware attack locked 11 schools in '
'Shropshire out of their systems, preventing '
'pupils from submitting coursework for several '
'weeks. The incident was linked to a '
'multi-academy chain, with integration across '
'sites cited as a potential contributing factor. '
'One large secondary school had no working '
'printers due to the attack. The case also '
'involved AI-generated imagery at two schools and '
'cryptocurrency-related matters. West Mercia '
"Police's cyber unit supported the investigation.",
'impact': {'brand_reputation_impact': 'moderate (public '
'disclosure, stress on '
'students/teachers)',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': 'several weeks (coursework submission '
'disruption)',
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': 'high (schools locked out of '
'systems, printers '
'non-functional, coursework '
'deadlines missed)',
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': ['school management systems',
'printers',
'coursework submission '
'platforms']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': 'student '
'coursework '
'data, school '
'operational '
'systems',
'reconnaissance_period': None},
'investigation_status': 'ongoing (supported by West Mercia '
'Police cyber unit)',
'lessons_learned': 'Integration across sites in multi-academy '
'chains may increase vulnerability; '
'disconnecting equipment can mitigate spread '
'but disrupts operations. Schools adopting '
'more devices and online services become '
'higher-value targets, especially during '
'critical academic periods (e.g., '
'GCSE/A-level deadlines).',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': ['Potential '
'over-integration '
'across multi-academy '
'chain sites (cited '
'by councillor '
'Benedict Jephcott).',
'Targeting of schools '
'during high-stakes '
'academic periods '
'(GCSE/A-level '
'deadlines).',
'Increased digital '
'adoption (devices, '
'online services) '
'without proportional '
'security measures.']},
'ransomware': {'data_encryption': 'yes',
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': ['Review integration strategies in '
'multi-academy chains to balance efficiency '
'and security.',
'Implement robust backup systems for '
'coursework and critical data.',
'Enhance cybersecurity training for staff '
'and students.',
'Develop incident response plans tailored to '
'educational institutions, including '
'communication strategies for '
'students/parents during disruptions.',
'Consider network segmentation to limit '
'lateral movement in ransomware attacks.'],
'references': [{'date_accessed': None,
'source': 'BBC News',
'url': None},
{'date_accessed': None,
'source': 'West Mercia Police and Crime Panel '
'meeting notes',
'url': None},
{'date_accessed': None,
'source': 'Adam Boynton, Senior Security '
'Strategy Manager EMEIA at Jamf',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': ['disconnecting equipment '
'(suggested by '
'councillor)'],
'enhanced_monitoring': None,
'incident_response_plan_activated': 'yes (West '
'Mercia Police '
'cyber unit '
'involved)',
'law_enforcement_notified': 'yes (West Mercia '
'Police)',
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Ransomware Attack on 11 Shropshire Schools Linked to '
'Multi-Academy Chain',
'type': 'ransomware'}}