In 2022, ransomware attacks were most common in the education sector, according to a new analysis from cybersecurity company Sophos. According to the paper The State of Ransomware in Education 2023, higher education institutions reported being attacked by ransomware 79% of the time, while lower education institutions reported being targeted 80% of the time—an rise from 64% and 56%, respectively, in 2021.
The sector also reported one of the highest rates of ransom payments, with almost half [47%] of lower educational institutions and more than half [56%] of higher educational institutions paying the ransom. However, both higher and lower educational organisations experienced a large increase in recovery expenses as a result of paying the ransom. Higher education institutions that paid the ransom had recovery expenses [excluding any ransoms paid] of $1.31 million as opposed to $980,000 when employing backups. For institutions of lower learning, the average cost of recovery was $2.18 million when the ransom was paid vs $1.37 million when it wasn’t.
Additionally, paying the ransom extended victims’ time in recovery. In higher education organisations, 79% of those that used backups were able to recover within a month, compared to only 63% of those who paid the ransom. For institutions of lower learning, 63% of those who used backups were able to recover within a month, compared to just 59% of those who paid the ransom.
Although the majority of schools are not well-funded, they are very visible targets with a direct, substantial impact on their neighbourhoods. Pressure to keep the doors open and respond to parents’ requests to “do something” is probably what pushes people to find a quick, inexpensive solution to the issue.
Sadly, there is no evidence to suggest that paying a ransom speeds up the resolution of these attacks, although it is probably a factor in the criminals’ choice of victims, according to Chester Wisniewski, field CTO at Sophos.
Although the root causes of ransomware attacks for the education sector were similar to those for all other sectors [29% for the average cross-sector], there were significantly more ransomware attacks involving compromised credentials for both higher and lower educational organisations.