Ransomware attacks have become a persistent threat, with their numbers steadily rising over the years. Among the sectors significantly affected by these attacks in 2023, the education industry stands out as a prominent target.
A sectoral study by Sophos unearthed minute details about the impact of ransomware attacks on educational institutions. One of the most startling findings was that the education sector stood first among the sectors making ransom payments.
Close to 44% of education providers experienced a ransomware attack in 2021. The 2023 rates of education sector ransomware attacks are more than double than reported in the 2021 Sophos survey.
The education sector amounted to 56% of those paying a ransom for data recovery. However, it was also discovered that the data recovery cost dropped from $1.42 million in 2022 to about $1 million in 2023.
The survey included 400 IT/cybersecurity professionals from the education sector in 14 countries.
Costs and other impacts of increased education sector ransomware attacks
About 80% of lower education providers and 79% of higher education providers were found to have suffered ransomware attacks in 2023. More hackers were found encrypting data from the education sector ransomware attacks as compared to others.
“While the cross-sector recovery costs increased year over year, in lower education, they have remained level ($1.59M in the 2023 report vs. $1.58M the in 2022 report),” the Sophos report read.
The following are related findings about education sector ransomware attacks 2022-2023 –
- An increase in data encryption was witnessed from 72% in 2022 to 81% in 2023.
- Higher education suffered data encryption at a rate of 73% which was 74% last year.
- 18% of ransomware attacks were stopped on lower education with the data remaining safe from being encrypted. This was 22% in 2022.
- The rate of mitigation before data encryption increased in higher education from 22% to 25% this year.
- 27% of lower education reported data being stolen after encryption.
- 35% of higher education reported data exfiltration after encryption.
- 40% of ransomware attacks on higher education were due to vulnerability exploitation.
- 37% of ransomware attacks on higher education were due to compromised credentials.
- The third cause of the highest ransomware attacks on higher education was phishing emails amounting to 19%.
- All higher education and 99% of lower education succeeded in getting their data back.
Root causes of attacks: Higher education
Root causes of attacks: Lower education
Experts discuss the growing concern of ransomware attacks
Responding to the survey related to the education sector ransomware attacks, Chester Wisniewski, who is the field CTO of Sophos expressed concerns about the same.
He said, “The pressure to keep the doors open and respond to calls from parents to ‘do something’ likely leads to pressure to solve the problem as quickly as possible without regard to cost.”
Addressing the targeting of schools, and the urge to make payments, he said, “Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals.”
Causes of increased education sector ransomware attacks in 2023
Analyzing the causes helping hackers successfully launch ransomware attacks on the education sector, it was found that stolen credentials led to 36% of attacks. Vulnerabilities in software were second leading to 29% of education sector ransomware attacks.
30% of attacks were made using phishing emails sent to the target to gain initial access to a system. It amounted to nearly one-third of all ransomware attacks on educational institutions in 2023.
Emphasizing the need for MFA, Wisniewski said, “Like the U.S. federal government’s initiative to mandate all agencies use MFA, it is time for schools of all sizes to employ MFA for faculty, staff, and students.”
“It sets a good example and is a simple way to avoid many of these attacks from getting in the door,” Wisniewski concluded.