Note: if you are a student or parent, please see our Essential Info for Students page for updates.
South & City College Birmingham became aware of a security incident when our network alerting saw some irregular behaviour on one of the autonomous system accounts around midnight on 12 March 2021.
The attack was structured and sustained, involving the remote execution of an earlier-deployed suite of malware, resulting in some systems becoming infected with the ‘Mount Locker’ ransomware.
Some data was accessed during the attack and our technical teams are investigating the nature and scope of this data as technical services become available to them once again. We have spoken to the ICO (Information Commissioner's Office) about the attack and will update all parties with our findings.
Our incident response team conducted initial investigations and, alongside our retained external forensics team, worked around the clock to remove infected systems from the network and isolate critical systems.
While investigations continue, South & City College Birmingham are confident that we have identified the exact time of the attack and the elaborate steps taken by the attackers thanks to a combination of our end-point and network monitoring, logging and alerting.
We have now started the restoration of services and the rebuild of our environment from recent and unaffected backups. Ransomware encrypts important data, which we can fortunately restore; however, this is a lengthy process.
Several other global organisations have suffered from ransomware attacks in recent days and we are in contact with NCSC (National Cyber Security Centre) and the NCA (National Crime Agency) in order to stay abreast of the constantly evolving threat landscape.
We will keep all staff and students advised of our progress and our teams are prioritising restoration of critical services. Advice for students is available on our Essential Info for Students page.
Thank you all for your patience during this difficult time.