According to a new report, the education sector is paying more than ransomware operators initially demand in order to protect students and stakeholders.
Despite a drop in ransomware attacks against educational institutions in 2024, a new survey has found that those impacted by ransomware are paying more than is initially demanded by the criminals and are taking longer to recover.
Sophos’ The State of Ransomware in Education 2024 surveyed 600 cyber security and IT leaders from 14 countries in the Asia-Pacific region, Americas, Europe, the Middle East, and Africa.
Sixty-three per cent of respondents in the lower education sector and 66 per cent of higher education organisations fell victim to ransomware attacks last year, down from 80 and 79 per cent, respectively, the year before.
The news appears to be good, but it sours with the revelation that educational organisations are paying more than the initial demand – 55 per cent of lower education organisations paid more than was demanded, with 67 per cent of higher education respondents following suit.
The median ransom in the lower education sector is US$6.6 million, and US$4.4 million for victims in the higher education sector.
“Unfortunately, schools, universities and other educational institutions are targets that are beholden to municipalities, communities and the students themselves, which inherently creates high-pressure situations if they are hit and destabilised by ransomware. Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay,” Chester Wisniewski, director and field chief technology officer at Sophos, said in a statement.
“We also know that ransomware attackers have upped the ante when it comes to getting paid. Compromising their victims’ backups is now a mainstream element of ransomware attacks, giving adversaries the opportunity to subsequently increase the ransom demand when it is clear that the data cannot be recovered without the decryption key.”
On top of paying more, it’s also taking longer to recover from a ransomware attack. Thirty per cent of ransomware victims were able to fully recover within one week across both the lower and higher education sectors, down from 33 per cent last year for lower education organisations and 40 per cent for higher education.
Data encryption during an attack is also on the rise, and ransomware operators are increasingly targeting backups as part of their attacks.
“While there appears to be some positive progress towards combating ransomware in the education sector, it’s concerning that the rate of data encryption continues to increase year after year, which suggests educational organisations need to continue working towards improving their ransomware resilience,” Wisniewski said.
“With stretched resources and limited budgets, education organisations need to focus on the controls that will have the greatest impact. With the median ransomware recovery cost for education now hitting US$3 million, it’s clear that investing in strong prevention and protection solutions can considerably reduce the overall financial impact of cyber to educational organisations.”
You can read the full The State of Ransomware in Education 2024 report here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.