Educational institutions, from schools to colleges and universities, are facing a rising tide of ransomware attacks that are not only costly but also challenging to recover from. Research from Sophos has shed light on the increasing challenges faced by educational institutions in combating cyber threats.

The recent report titled The State of Ransomware in Education 2024 revealed alarming statistics. For instance, 44% of schools across 14 nations surveyed reported facing ransom demands of $5 million or more. In higher education, 32% faced demands ranging between $1 million and $5 million, with 35% facing demands exceeding $5 million.

Perhaps most startlingly, schools paid out the highest median ransoms, amounting to $6.6 million. This figure was on par with ransoms paid by federal government entities.

Ransomware Landscape in Education

Despite a slight decrease in the number of ransomware attacks against educational institutions in 2024 compared to the previous year, the severity of the attacks has escalated. In 2023, 80% of lower education establishments reported ransomware attacks, dropping to 63% in 2024. Similarly, attacks in higher education decreased from 79% to 66%. However, both sectors experienced more attacks in 2024 compared to 2022.

Interestingly, schools and universities were more likely to have their data stolen, with 22% of lower education bodies and 18% in higher education falling victim to data exfiltration. Attackers often leverage this stolen data to further monetize their ransomware attacks.

Backup Compromise and Recovery Challenges

One of the key challenges faced by educational institutions is the compromise of backups by ransomware groups. In fact, 95% of organizations hit by ransomware reported attempts to compromise their backups, with a success rate of 71%. This has led to longer recovery times and higher ransom demands.

When backups were compromised, schools faced ransom demands that were five times higher on average, while demands for higher education doubled. The likelihood of paying ransoms was also three times higher for institutions with compromised backups, leading to increased recovery costs.

According to Sophos field CTO, Chester Wisniewski, ransomware attackers have become more sophisticated in their tactics, making backup compromise a common element in their attacks. This puts victims in a tight spot when it comes to recovering their data without paying hefty ransoms.

The most prevalent causes of ransomware in the education sector included vulnerability exploits, malicious emails, and compromised credentials. Daniel Shepherd, CEO of security consultants CSIS, highlighted the attractiveness of educational institutions to attackers due to the wealth of sensitive information they hold.

As schools and universities continue to modernize their IT systems, the need for robust cybersecurity measures becomes more pressing. With cyber threats on the rise, educational institutions must prioritize security to safeguard their data and operations.

For more on cyber-attacks targeting schools, read about the recent incident at Highline Public Schools: Highline Public Schools Forced to Close By Cyber-Attack