A Sophos survey revealed that the education sector received the highest rate of ransomware attacks in 2022. According to the newly-released sectoral survey report entitled, “The State of Ransomware in Education 2023”, 79% of higher educational organisations surveyed were hit by ransomware, while 80% of lower educational organisations surveyed were affected. Both increased from 64% and 56% respectively from 2021 data.
Moreover, the education sector reported more than half of higher educational organisations (56%) and almost half of lower educational organisations (47%) paying the ransom. While the sector reports one of the highest rates of ransom payments, doing so significantly increased recovery costs and time.
For higher educational organisations that paid the ransom, recovery costs (excluding any ransoms paid) were US $1.31 million and 63% of those recovered within a month. When using back-ups, recovery costs US $980,000; 79% of those recovered within the same timeframe.
Lower educational organisations reported average recovery costs at US $2.18 million when paying the ransom versus US $1.37 million when using back-ups. A higher percentage (63%) of those that used backups recovered within a month versus just 59% of those that paid the ransom.
Chester Wisniewski, field CTO, of Sophos, said that “while most schools are not cash-rich, they are very highly visible targets with immediate widespread impact in their communities.”
Wisniewski added that the data does not conclude if paying ransoms resolves attacks more quickly. It could likely be a factor for criminals in victim selection.
Recommendations
Sophos recommends strengthening defensive shields with security tools, through adaptive technologies that respond automatically to threats, and through 24/7 threat detection, investigation and response. It also advocates optimizing preparations for attacks such as making regular back-ups, data recovery and employing an updated response plan. It also advises maintaining good security hygiene such as patching and reviewing security tool configurations. The survey polled 3,000 IT/cybersecurity leaders in firms with between 100 and 5,000 employees, including 400 from the education sector, across 14 countries throughout the Americas, EMEA and Asia Pacific. This includes 200 from lower education (up to 18 years) and 200 from higher education (above 18 years) and both public and private sector education providers.
