All UK tertiary education providers and research centres will soon benefit from an extra layer of cyber security protection against ransomware attacks.
At least 50% of major ransomware incidents experienced by the sector since August 2020 have been caused by attackers exploiting the Remote Desktop Protocol (RDP), a common way for users to access their computers or servers remotely from another device.
Following consultation with the sector during summer 2021, Jisc will automatically block access from outside the UK to RDP (port 3389) from 28 March 2023. Only inbound traffic from known UK IP addresses will be allowed to proceed to port 3389. Existing restrictions will shift from an opt-in control to being on by default.
This change follows updates to the policies that guide the use of the national research and education network, Janet, to which all UK colleges, universities and research centres are connected.
Jisc’s director of information security policy and governance, Dr John Chapman, explains why the move is important:
“The use of ransomware against our sector and globally has ramped up over the past couple of years and some attacks against colleges and universities have been devastating.
“Organisations can still opt out of restrictions to specific IP addresses if they wish to, but they must accept the greater risk of a serious cyber security incident.
“Controlling access to a known attack vector will help protect the sector as a whole against this type of attack.”
- Jisc member organisations that wish to opt out should email email@example.com with a list of the IP addresses to exclude before 28 February 2023.
- Jisc has launched a campaign, ‘defend as one’, to unite higher and further education in a common cause: to build robust defences across the sector. Members can sign up to receive personalised instructions on how to improve cyber security posture across their organisation.