SPECIAL REPORT: Public bodies are a prime target for ransom attacks in Northamptonshire, our study finds

Johnston Press Investigations has sent out hundreds of FOI requests to reveal the full extent of cyber crime in the UK.
Johnston Press Investigations has sent out hundreds of FOI requests to reveal the full extent of cyber crime in the UK.

Hackers are demanding hundreds of ransoms from public bodies in Northamptonshire, a  major study has found - and the county’s only university is their prime target.

Johnston Press Investigations launched a countrywide probe looking into the rise in online crimes in March, which involved sending hundreds of Freedom of Information requests to public organisations from local councils to NHS trusts and universities.

Professor Mils Hills says there are a number of reasons why universities can be a target of cyber crime.

Professor Mils Hills says there are a number of reasons why universities can be a target of cyber crime.

Here in the county our study has revealed that five of the seven local authorities in the county were unaffected by the online fraudsters.

However, Northampton Borough Council, was hit once by a hacker demanding a ransom for the release of files, while South Northamptonshire Council was hit twice.

In both cases no ransom was paid.

But the University of Northampton is the clear focal point for hackers, the study found, having been hit 183 times in all, with methods ranging from ‘phishing’ scams to ransomware attacks, over the past three years.

A typical ransomware attack.

A typical ransomware attack.

The number of overall attacks on the university - which has 13,000 students - is also rising year-on-year.

In 2014 its servers, which are used by both staff and students, were attacked 27 times, but by 2016 that number had more than doubled to 75.

Despite being only halfway through 2017, that figure is on course to rise again as there has already been 43 attacks.

“On only one occasion was an attack successful,” the university stated in its FOI response.

Northampton General Hospital had to resort to using paper and pen when it took steps to avoid the spreading WannaCry virus in May.

Northampton General Hospital had to resort to using paper and pen when it took steps to avoid the spreading WannaCry virus in May.

“This resulted in the loss of data by one individual. The data was non-confidential and consisted of one day’s worth of files.”

A spokeswoman for the university said: “Universities across the country have increasingly been the target of cyber-attacks and phishing scams in recent years, and therefore we have bolstered our online security and ensured all staff have access to training in how to prevent and protect against online criminals. It is testament to the preventative measures we have set up that despite the growing number of attacks, we have not had a single breach of confidential files.”

The university's resident cyber crime expert and associate professor Mils Hills, said there are many reasons why educational institutions are likely to be an appealing target for ransomware attackers.

"Because universities rely on digital systems for work and grades - If cyber attackers were to get inside their systems, you can see how data can become vulnerable,” he said.

The University of Northampton is a prime target for cyber hackers, a study by Johnston Press investigations has found.

The University of Northampton is a prime target for cyber hackers, a study by Johnston Press investigations has found.

“But let’s say they threatened to change a set of students’ grades, it would be impossible to know which had been changed and which hadn’t. The integrity of the university could be at stake.”

But Northampton's university was by no means the worst hit across the country.

Anglia Ruskin University was subject to more than six million phishing email attempts in one year, though it claims most of these were blocked by its spam filters and only 32 required ‘some form of action’.

“This most commonly involved resetting the password of an individual’s account,” said a spokesman.

A server user at Queen’s University Belfast, believed to have been a researcher using the outdated Windows XP, paid a £400 ransom to retrieve files.

Oxford Brookes, said it had only suffered two cyber attacks over the past three years, but then described both of those as ‘mass phishing’ attacks.

Across the country’s 136 universities, 25 refused our request under section 31 of the act - which affords public bodies the right to protect information that would make it more vulnerable to crime.

Of those, Bournemouth University said revealing the data would “enable external parties, who are not privy to the confidential aspects of the University's IT systems knowledge of the security systems.”

"It is not uncommon for universities to be the target of cybersecurity attacks,” said a spokeswoman.

“There are security processes in place at Bournemouth University to deal with these types of incident."

Others were far more open in their response to the attacks, which predominantly took the form of hackers ‘phishing’ for personal data, which is becoming an increasingly lucrative black market commodity.

The London School of Economics revealed that it had experienced 14 parent attacks during the past three years, but that the type of data compromised included email accounts, departmental servers, mobile devices, user accounts, access to external resources, workstations, contact details, the web server and Twitter accounts. The data lost was not ‘confidential’, it added.

Out of those attacks, the university claimed six prosecutions were made against cyber criminals.

The country’s top establishment Oxford University had malicious code dumped on its system 117 times in one month.

Northampton General Hospital failed to respond to the FOI request by Johnston Press investigations - though it had previously claimed to have avoided the recent devastating WannaCry attack that hit trusts up and down the country.

A spokeswoman for the hospital trust, which had to resort to using pen and paper for a day on May 12, said that as a result of the WannaCry hack: “We ran diagnostic checks of all of our systems and identified some areas of vulnerability and took mitigating action.

“While this was happening, we continued to deliver services with staff working commendably to find safe and practical interim measures to capture and share data.”