11-12 June 2025
Hall 4, Bombay Exhibition Centre, Mumbai
When a secondary school in Antwerp declined to pay a ransom, the cybercrimes didn’t stop. Rather the criminals intensified their attack, first moving beyond school systems and directly targeting parents.
After the Christmas break, the attackers compromised the local network of OLV Pulhof, a high school in the Berchem district of Belgium. Though the school has not disclosed details, the Belgian police have confirmed that they are investigating the matter. Local newspapers report that the hackers sent an extortion letter in January, calling themselves “LockBit” and stating that they had access to the private data of students and staff, including financial and confidential mental health records.
However, the story quickly became suspicious. The group spelled LockBit’s name wrong and used email-based extortion a method not consistent with experienced ransomware gangs, which usually leave ransom notes on the systems they have encrypted and use dedicate negotiation portals. Also, the asked ransom of €15,000 was very low compared to LockBit’s typical demands.
After the school declined to communicate with them, the attackers decided to change their strategy. They sent emails directly to parents, informing them that they should either convince the school to pay the ransom or pay the €50 per child themselves. The hackers warned that if the parents did not comply, the students’ data would be leaked or sold. The school informed the parents.
The incident is not a singular one. Schools have become among the most heavily attacked entities worldwide. A UK government survey found that six in ten secondary schools suffered a cyberattack or breach in the past year, rising to eight in ten further education colleges and nine in ten universities—far higher than private businesses.
Without a doubt they highlight the enormity of the crisis.
At the University of Pennsylvania, students and faculty received alarming emails claiming systems had been hacked. In Washington State, a 2024 ransomware attack on Highline Public Schools exposed Social Security numbers, medical records, passports, and digital signatures of staff and students.
According to Check Point Research, from January to July 2025 the education sector was the most attacked industry worldwide, averaging 4,356 cyberattacks per organization each week—a 41% year-on-year increase.
As schools incorporate technology in teaching and administrative services, the threat actors are right behind them. As we can see from the Antwerp case: when schools are breached, the fallout doesn’t stop at the school gate—it can land directly in parents’ inboxes.