Ransomware Hits Education: $6.6M Payouts, Slower Recovery

News Desk

Sophos, a global cybersecurity solutions company, has released its latest annual report, The State of Ransomware in Education 2024, revealing alarming trends within the education sector. According to the report, ransomware remains a significant threat, with median ransom payments reaching $6.6 million for lower education and $4.4 million for higher education institutions. Additionally, over half of the surveyed organizations in both sectors—55% in lower education and 67% in higher education—paid more than the initial ransom demand.

One of the most concerning findings is the increasing strain on recovery efforts. Only 30% of ransomware victims in the education sector managed to fully recover within a week, down from last year’s figures of 33% in lower education and 40% in higher education. The slowing recovery is attributed to resource constraints, making it difficult for institutions to coordinate rapid recovery efforts.

“Schools, universities, and other educational institutions are under immense pressure from municipalities, communities, and students, making them highly vulnerable to ransomware attacks,” said Chester Wisniewski, Director and Field CTO at Sophos. “The need to remain operational pushes institutions towards paying ransoms, especially when attackers compromise their backups.”

A staggering 95% of respondents reported that cybercriminals targeted their backups, with 71% of those attempts being successful. Compromised backups lead to significantly higher recovery costs: five times higher in lower education and four times higher in higher education.

Despite the challenges, there has been a slight reduction in overall attack rates, with 63% of lower education and 66% of higher education institutions reporting ransomware attacks, down from 80% and 79% last year. However, the rate of data encryption during attacks has risen, affecting 85% of lower education and 77% of higher education institutions.

Sophos’ report highlights that vulnerabilities remain the primary cause of ransomware attacks in the education sector, with 44% of lower education and 42% of higher education organizations being compromised due to exploited weaknesses.

Sophos recommends a layered security strategy for educational institutions, emphasizing vulnerability management, endpoint protection, and 24/7 human-led managed detection and response (MDR) services to mitigate risks.

With the median ransomware recovery cost now standing at $3 million, Wisniewski urges educational organizations to prioritize preventive measures to minimize financial losses.

The 2024 report also introduces new insights into the role of law enforcement in ransomware cases. Nearly all educational institutions involved law enforcement after an attack, with 64% in lower education and 66% in higher education benefitting from guidance on managing the crisis.

Sophos’ State of Ransomware in Education 2024 report is based on a survey of 600 IT and cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific. The respondents represent organizations with 100 to 5,000 employees.

Key Takeaways:

– Median ransom payments: $6.6M (lower education), $4.4M (higher education).

– Only 30% of victims recovered within a week.

– 95% of attacks targeted backups, with 71% success.

– Ransomware recovery costs in education now average $3M.

– Law enforcement engagement was crucial for 99% of affected organizations.