Charles Darwin School Closed After Ransomware Attack Disrupts Systems
A London secondary school was forced to close for several days after a ransomware attack severely disrupted its IT systems, preventing staff and students from accessing essential digital services and highlighting the growing cyber threat facing UK schools.
The incident affected Charles Darwin School, a large secondary school in south London with around 1,300 pupils.
The attack was first reported by The Record, a cybersecurity news publication operated by Recorded Future, and later covered by multiple UK media outlets.
What happened
The cyberattack was discovered during the school week, prompting leadership to take the precautionary decision to close the school site and send students home while investigations were carried out.
Initial communications described the issue as a serious IT disruption. It was later confirmed that the incident was a ransomware attack, requiring a full forensic response to determine how systems were accessed and what data may have been affected.
As part of the incident response:
- Staff laptops and devices were removed for forensic analysis
- Student and staff Microsoft 365 accounts were temporarily disabled
- External cybersecurity specialists were brought in to assess system integrity
Impact on students and staff
The attack caused immediate and significant disruption:
- Around 1,300 students were unable to attend lessons in person
- Teaching and administrative systems were taken offline
- Staff were temporarily locked out of email and digital learning tools
- Parents and carers were informed of ongoing investigations
The headteacher later acknowledged that the situation was “worse than hoped”, underscoring the seriousness of the incident.
Data access concerns
At the time of reporting, the school warned that there was a potential risk that information held on school systems could have been accessed, though investigations were ongoing.
While no confirmed misuse of data was immediately disclosed, the precautionary shutdown reflected the need to prioritise safeguarding, system integrity, and trust while forensic work continued.
Why ransomware is hitting UK schools
This incident is part of a broader trend of ransomware attacks targeting UK schools, trusts, and local authorities. Schools are often seen as attractive targets due to:
- Heavy reliance on digital learning platforms
- Limited in-house cybersecurity resources
- Time pressure to restore systems quickly
- Large volumes of personal and safeguarding data
Even a single compromised system can force full operational shutdowns.
A wider warning for London and UK schools
The closure of a London secondary school demonstrates that cyberattacks on education providers are no longer theoretical risks. They have real, immediate consequences for learning, staff workloads, and school communities.
Attacks during term time are particularly disruptive, often leaving leaders with no option but to suspend operations until system safety can be guaranteed.
Conclusion
The ransomware attack on Charles Darwin School is a clear example of how cyber incidents can bring day-to-day education to a halt.
As cyber threats against UK schools continue to rise, proactive monitoring, early detection of exposure, and clear governance oversight are becoming essential to protect learning, safeguard data, and maintain continuity.
