The education sector experienced the highest rate of ransomware attacks in 2022 according to a new report by cybersecurity service firm Sophos.
Titled “The State of Ransomware in Education 2023” the report shows that 79 percent of higher educational institutions and 80 percent of lower educational institutions reported being targeted by ransomware, indicating a rise from the previous year’s figures of 64 percent and 56 percent, respectively.
Education sector also witnessed a significant proportion of ransom payments, with 56percent of higher educational institutions and 47percent of lower educational institutions choosing to pay the ransom.
However, it was discovered that paying the ransom led to a considerable increase in recovery costs for both categories.
Ransomware Attacks on Higher Education
For higher educational institutions, recovery costs were $1.31 million when paying the ransom, compared to $980,000 when relying on backups.
Similarly, lower educational organizations faced average recovery costs of $2.18 million when paying the ransom, versus $1.37 million when not paying.
“While most schools are not cash-rich, they are very highly visible targets with immediate widespread impact in their communities. The pressure to keep the doors open and respond to calls from parents to ‘do something’ likely leads to pressure to solve the problem as quickly as possible,” reads the report in Part
Furthermore, victims who paid the ransom experienced prolonged recovery times.
Among higher educational organizations, 79 percent of those using backups recovered within a month, whereas only 63 percent of those who paid the ransom achieved the same timeframe.
For lower educational organizations, 63 percent of those utilizing backups recovered within a month, compared to only 59percent of those who paid the ransom.
Chester Wisniewski, field CTO at Sophos, emphasized that schools, despite not being cash-rich, are highly visible targets with a significant impact on their communities.
The pressure to respond quickly to such attacks often leads to paying the ransom without considering the cost implications.
However, data suggests that paying ransoms does not necessarily resolve the attacks faster, but it does make educational institutions more attractive targets for cybercriminals.
Impact of the Attacks
The root causes of ransomware attacks in the education sector aligned with those seen across all sectors, with compromised credentials playing a significantly greater role in both higher (37 percent ) and lower (36percent ) educational organizations compared to the cross-sector average (29percent ).
Other noteworthy findings from the report include:
• Exploits and compromised credentials were responsible for 77 percent of ransomware attacks on higher educational institutions and 65percent on lower educational institutions.
• The rate of encryption remained steady for higher educational institutions (74 percent in 2021 to 73percent in 2022) but increased from 72 percent to 81 percent for lower educational institutions during the past year.
• Higher educational institutions reported a lower rate of using backups (63 percent) compared to the cross-sector average (70percent ), while lower educational organizations had a slightly higher rate (73percent ) than the global average.
• Lack of adoption of multifactor authentication (MFA) technology in the education sector made it more vulnerable to credential-based attacks.