Share this article on:
A new survey has shed some light on the growing threat and impact of ransomware attacks on schools.
The survey, from security company Kaspersky, polled 2,000 parents of school-age children in the United States, and looked into the costs and reporting of ransomware attacks for the year 2022. It is the third such survey Kaspersky has conducted, and it reveals some worrying trends.
The key takeaway is that there are more attacks happening to schools, and they are costing more money. Fourteen per cent of parents reported that their child’s school fell victim to a ransomware attack — a 5 per cent increase from the previous year. And while the cost of paying a ransom was on average US$375,311 in 2021, that has now increased significantly to an average of US$887,360 in 2022.
Thankfully, some figures remained stable, however, only 60 per cent of parents reported a child’s data as being compromised, down a single percentage point from 2021.
Some areas even showed improvements. Eighty-one per cent of parents felt confident that schools could handle cyber security incidents, for instance, compared to 68 per cent the year before.
The number of schools paying ransoms in excess of US$1 million did increase, however, from 3.7 per cent in 2021 to 10 per cent in 2022. Alarmingly, 2.2 per cent reported schools paying ransoms of between US$10 million and US$20 million.
One area that truly seemed to be all over the shop was how schools reported ransomware attacks to parents. Only 31.9 per cent of parents were informed directly by schools, leaving the rest to hear from their children (19.6 per cent) or even social media (19.2 per cent). Others only learnt of attacks from local news, other parents, or well after the fact.
“This fall, cyber criminals continued to attack vulnerable schools in an effort not only to get ransom money, but also to steal students’ and teachers’ Social Security numbers, banking information, and even medical histories,” said Kurt Baumgartner, principal security researcher at Kaspersky. “It is, however, encouraging to see that a growing number of schools appear to be protecting student data. We urge school administrators to build on this success by employing some basic security mechanisms, such as multi-factor authentication, regular software updates and training staff and students to spot phishing attacks.
“No one should ever pay a ransom, which continues to perpetuate the problem.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.