Cyberattack on Saint Cecilia's Church of England School: A Targeted Ransomware Incident by DragonForce

Incident Date:

April 21, 2024

World map



Cyberattack on Saint Cecilia's Church of England School: A Targeted Ransomware Incident by DragonForce


Saint Ceciclia's Church of England Schoool




London, United Kingdom

, United Kingdom

First Reported

April 21, 2024

Ransomware Attack on Saint Cecilia's Church of England School by DragonForce

Attack Overview

Saint Cecilia's Church of England School, a notable educational institution in London, was recently targeted in a ransomware attack by the cybercriminal group DragonForce. The attack compromised the school's official website, with approximately 6.77 GB of data taken by the attackers who then set a ransom deadline.

Victim Profile

Saint Cecilia's Church of England School serves around 800 students and is recognized for its strong academic performance, particularly in Maths and Music. The school, which emphasizes a Christian ethos, is known for its high GCSE and A-Level results, with many students advancing to prestigious universities. Annually, the school generates approximately £5 million in revenue through government grants, tuition fees, and donations.

Why Saint Cecilia's Was Targeted

The choice of Saint Cecilia's as a target by DragonForce could be attributed to several factors. As an educational institution, the school likely holds a significant amount of sensitive data, including personal information of students and staff, which are valuable for ransomware operators. Attackers also could interpret the institution's financial stability, as seen in its revenue, as a sign that it can pay a ransom. Schools also commonly exhibit weaker cybersecurity defenses relative to other industries, leaving them more exposed to such attacks.

Ransomware Group Profile

DragonForce is known for its double extortion tactics, where they not only encrypt the victim's data but also threaten to release it if the ransom is not paid. The group has been active since late 2023 and has been involved in several high-profile attacks across different sectors. Their modus operandi includes significant data exfiltration prior to encryption, maximizing pressure on the victims to comply with their demands.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.