A recent report has revealed that the education sector reported the highest rate of ransomware attacks in 2022. Titled ‘The State of Ransomware in Education 2023’, the report by Sophos follows a survey that was conducted among higher and lower educational organizations.
Over the past year, 79 percent of higher educational organizations surveyed reported being hit by ransomware, while 80 percent of lower educational organizations surveyed were targeted – an increase from 64 percent and 56 percent in 2021, respectively.
The education sector also reported one of the highest rates of ransom payment with more than half of higher educational organizations paying and nearly half of lower educational organizations paying the ransom. However, paying the ransom significantly increased recovery costs for both higher and lower educational organizations.
Recovery costs [excluding any ransoms paid] for higher educational organizations that paid the ransom were $1.31 million when paying the ransom versus $980,000 when using backups. For lower educational organizations, the average recovery costs were $2.18 million when paying the ransom versus $1.37 million when not paying.
Paying the ransom also lengthened recovery times for victims. For higher educational organizations, 79% of those that used backups recovered within a month, while only 63% of those that paid the ransom recovered within the same timeframe. For lower educational organizations, 63% of those that used backups recovered within a month versus just 59% of those that paid the ransom.
“While most schools are not cash-rich, they are very highly visible targets with immediate widespread impact in their communities. The pressure to keep the doors open and respond to calls from parents to ‘do something’ likely leads to pressure to solve the problem as quickly as possible without regard for cost. Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals,” said Chester Wisniewski, field CTO, Sophos.
For the education sector, the root causes of ransomware attacks were similar to those across all sectors, but there was a significantly greater number of ransomware attacks involving compromised credentials for both higher and lower educational organizations [37% and 36% respectively versus 29% for the cross-sector average]
“Abuse of stolen credentials is common across sectors for ransomware criminals, but the lack of adoption of multifactor authentication [MFA] technology in the education sector makes them even more at risk of this method of compromise. Like the U.S. federal government’s initiative to mandate all agencies use MFA, it is time for schools of all sizes to employ MFA for faculty, staff and students. It sets a good example and is a simple way to avoid many of these attacks from getting in the door,” said Wisniewski.
The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees, including 400 from the education sector, across 14 countries in the Americas, EMEA and Asia Pacific. This includes 200 from lower education [up to 18 years] and 200 from higher education [above 18 years] and both public and private sector education providers.