From the perspective of the hackers, it's easy to understand the attraction. Most hackers gain access to target networks, especially in the education ecosystem, is by exploiting weak passwords and unpatched vulnerabilities in Remote Desktop Protocols (RDP) and VPN's. Unfortunately, in most cases, by the time network security personnel are aware that there's a problem, the damage has already been done.
The NCSC made the following recommendations to help prevent, or at least mitigate the damage caused by ransomware attacks:
Unfortunately, none of these steps will guarantee that you won't fall victim to a ransomware attack. However, it will certainly make it harder for the hackers to compromise your network, and if they do, you'll be well-positioned to mitigate the damage and get your business back up and running.
It's sound advice that all organizations, regardless of type should follow. Kudos to the NCSC for keeping a watchful eye out for the danger, and for being quick to alert everyone to it. Here's hoping it's enough.