In an alarming twist for the education sector, a recent survey by Sophos reveals that schools and universities are grappling with skyrocketing ransomware recovery costs, even as the frequency of attacks declines. The report, “The State of Ransomware in Education 2024,” highlights that many educational organizations find themselves precarious: the median ransom payments have reached a staggering $6.6 million for lower education and $4.4 million for higher education.
Chester Wisniewski, Sophos’ director and field CTO, explained educational institutions' unique pressures. “These organizations are deeply intertwined with their communities, making them feel an acute responsibility to remain operational even when under attack. This sense of duty likely pushes them to pay ransoms, despite the financial toll,” he noted.
The survey data paints a concerning picture. While the overall attack rate has dropped—63% of lower education and 66% of higher education organizations reported being targeted, down from 80% and 79%—the nature of these attacks is evolving. Cybercriminals are increasingly compromising backups, with 95% of respondents indicating attempts to breach these safety nets and 71% reporting that attackers succeeded. This trend has significantly inflated recovery costs, with those in lower education facing bills up to five times higher than before.
“Ransomware attackers have raised the stakes,” Wisniewski added. “By compromising backups, they can demand higher ransoms, knowing that victims may have no other option for recovery.”
The survey also revealed that the rate of data encryption during attacks has increased, with 85% of lower education and 77% of higher education incidents resulting in encrypted data. Additionally, data theft has become a common tactic, complicating recovery efforts even further.
Despite these challenges, the report suggests paths forward. Wisniewski emphasized the importance of a layered security approach, including vulnerability scanning and robust endpoint protection. “Educational organizations must prioritize controls that deliver significant impact, especially given their limited resources,” he advised.
In a notable shift, the survey also examined the role of law enforcement in ransomware recovery. An impressive 99% of lower education and 98% of higher education organizations sought assistance from law enforcement post-attack, with many reporting valuable guidance and support during recovery efforts.
As educational institutions navigate this treacherous landscape, the need for enhanced cybersecurity measures has never been clearer. With median recovery costs now reaching $3 million, investing in stronger defences could be the key to protecting these vital community pillars from future attacks.