Survey Reveals Alarming Increase in Ransomware Attacks on Education Sector

Discover the alarming rise in ransomware attacks on the education sector in 2022, as reported by cybersecurity leader Sophos.

Sophos, a renowned global leader in providing cybersecurity as a service, has recently released a new sectoral survey report titled “The State of Ransomware in Education 2023.” The report highlights a distressing trend in the education sector, with the occurrence of ransomware attacks reaching an all-time high in 2022.

According to the survey findings, a staggering 79% of higher educational organizations and 80% of lower educational organizations reported falling victim to ransomware attacks in the past year. These figures represent a significant increase from the previous year’s 64% and 56%, respectively, underscoring the growing threat that educational institutions face from cybercriminals.

One of the most alarming revelations from the report was the high rate of ransom payment by educational organizations. Approximately 56% of higher educational institutions and 47% of lower educational institutions opted to pay the ransom demanded by the attackers. However, contrary to expectations, paying the ransom did not lead to quicker resolution of the attacks. On the contrary, it significantly increased recovery costs for both higher and lower educational organizations.

For institutions that chose to pay the ransom, the average recovery costs were $1.31 million for higher educational organizations and $2.18 million for lower educational organizations. In stark contrast, organizations that relied on backups for recovery spent significantly less, with higher educational organizations spending $980,000 and lower educational organizations spending $1.37 million.

Moreover, paying the ransom resulted in prolonged recovery times for the victims. Of the higher educational organizations that used backups, 79% recovered within a month, whereas only 63% of those that paid the ransom managed to recover within the same timeframe. Similarly, among lower educational organizations, 63% of those with backups recovered within a month, while only 59% of those that paid the ransom did so in the same period.

Commenting on the findings, Chester Wisniewski, field CTO at Sophos, expressed concern over the pressure faced by educational institutions to quickly resolve ransomware attacks. He highlighted that this urgency, driven by the need to keep schools operational and address parental concerns, often led to rash decisions that did not consider the potential costs and implications of paying ransoms.

The root causes of ransomware attacks in the education sector were found to be similar to those across all sectors. However, the survey revealed a notably higher number of attacks involving compromised credentials, affecting 37% of higher educational organizations and 36% of lower educational organizations, compared to the cross-sector average of 29%.

Sophos emphasized the urgent need for educational institutions to adopt multifactor authentication (MFA) technology to mitigate the risk of credential-based compromises. Notably, the report indicated that the lack of MFA implementation in the education sector made it even more susceptible to such attacks.

To defend against ransomware and other cyber threats, Sophos recommended the following best practices:

  1. Strengthen defensive measures with security tools that target common attack vectors, including robust endpoint protection with anti-exploit capabilities and Zero Trust Network Access (ZTNA) to combat compromised credentials abuse.
  2. Employ adaptive technologies that automatically respond to attacks, disrupting adversaries and providing defenders with valuable response time.
  3. Invest in 24/7 threat detection, investigation, and response through either in-house capabilities or by partnering with specialist Managed Detection and Response (MDR) providers.
  4. Optimize attack preparedness by regularly backing up data, practicing data recovery from backups, and maintaining up-to-date incident response plans.
  5. Maintain good security hygiene by promptly applying patches and regularly reviewing security tool configurations.

As ransomware attacks continue to pose a significant threat to the education sector, it is crucial for educational institutions of all sizes to proactively implement robust cybersecurity measures to safeguard their data and operations from the clutches of cybercriminals.