Sophos, an international leader in digital security solutions, has recently published a sector-specific report, “The State of Ransomware in Education 2023.” The study finds that education was the sector most heavily affected by ransomware attacks in 2022. Attacks rose substantially over that year: 79% of tertiary educational institutions and 80% of primary and secondary institutions reported being hit by ransomware, up from 64% and 56% in 2021, respectively.
The education sector also reported a high frequency of ransom payments, with tertiary and primary/secondary institutions reporting payment rates of 56% and 47%, respectively. These payments, however, notably increased the cost of recovery. For tertiary institutions, recovery costs (excluding the ransoms paid) were $1.31 million when the ransom was paid, compared with $980,000 when backups were used. For primary and secondary institutions, the corresponding figures were $2.18 million when the ransom was paid, compared to $1.37 million when not paid.
Paying the ransom also lengthened recovery times. In tertiary education, 79% of institutions that used backups recovered within a month, compared with 63% of those that paid the ransom. Among primary and secondary institutions, the respective figures were 63% for those using backups and 59% for those that paid the ransom.
Field CTO at Sophos, Chester Wisniewski, underscored the fact that while many educational institutions may not have deep pockets, their high-visibility status makes them attractive targets. The urgent need to resume normal operations and satisfy parent expectations often puts them under immense pressure to resolve issues swiftly, sometimes without a thorough consideration of costs.
In the education sector, the main root causes of ransomware attacks mirrored those seen across all sectors. However, a significantly higher share of attacks on both tertiary and primary/secondary institutions involved compromised credentials.
The report further shared that over three-quarters of ransomware attacks against tertiary institutions were due to exploits and compromised credentials. Two-thirds of attacks on primary and secondary institutions could be attributed to the same causes. The prevalence of encryption in ransomware attacks remained relatively consistent for tertiary institutions over the past year, while it saw a rise in primary and secondary institutions. Furthermore, tertiary institutions were found to be lagging behind the cross-sector average in terms of backup usage.
Wisniewski emphasized that the misuse of stolen credentials was a widespread issue across sectors. The low adoption rate of multifactor authentication (MFA) technology in the education sector made it particularly vulnerable to these types of attacks. Drawing a parallel to the U.S. federal government’s initiative to enforce MFA across all agencies, Wisniewski urged educational institutions of all sizes to adopt MFA for all staff and students.
Sophos advocates for several best practices to counteract ransomware and other digital attacks. The firm recommends strengthening defensive mechanisms, optimizing attack readiness, and ensuring robust security hygiene.
More information about “The State of Ransomware in Education 2023” can be found in the comprehensive report on the Sophos website.
The State of Ransomware 2023 survey polled 3,000 IT/digital security leaders in organizations with between 100 and 5,000 employees. Of these, 400 were from the education sector across 14 countries in the Americas, EMEA, and Asia Pacific, representing both lower and higher education as well as both public and private sector education providers.