Schools overpay ransomware demands – study

A global study of ransomware’s impact found more than half of schools paid more than the initial ransomware demand, raising concerns about the financial impact cybercrime is having on the education industry.

However, fewer schools (63%) were targeted by ransomware in 2024 than in the previous year (80%), suggesting principals are becoming more serious about cybersecurity.

The annual sector survey report, ‘The State of Ransomware in Education 2024’, was produced by Sophos, whose survey covered 15 industry segments across 14 countries. More than 5,000 respondents were surveyed in total.

According to 600 respondents from the education sector, the median ransom payment totalled $6.6m for schools and $4.4m for higher education institutions.

“Unfortunately, schools, universities and other educational institutions are targets that are beholden to municipalities, communities and the students themselves, which inherently creates high pressure situations if they are hit and destabilised by ransomware,” Chester Wisniewski, director, field CTO at Sophos, said.

“Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay.”

Wisniewski said ransomware attackers have also upped the ante when it comes to getting paid.

“Compromising their victims’ backups is now a mainstream element of ransomware attacks, giving adversaries the opportunity to subsequently increase the ransom demand when it is clear that the data cannot be recovered without the decryption key,” he said.

Sophos’ annual survey found that 95% of respondents said cybercriminals tried to compromise their backups during the attack, with 71% being successful – the second highest backup compromise rate across all industry sectors.

Having backups compromised also considerably increases recovery costs, with the total bill coming in five times higher in lower education and four times higher in higher education.

Wisniewski pointed out that while there appears to be some positive progress towards combatting ransomware in the education sector, the rising rate of data encryption year after year is concerning.

“This suggests educational organisations need to continue working towards improving their ransomware resilience,” he said. “With stretched resources and limited budgets, education organisations need to focus on the controls that will have the greatest impact.”