Ransomware attacks in the education sector above average
According to the latest figures from the Sophos report "The State of Ransomware in Education 2024", educational institutions are still at high risk from ransomware and its effects.
Compared to the previous year, ransomware attacks on organizations in the lower education sector (schools) and higher education sector (universities) have fallen, but the attack rates are still above the global, cross-industry average of 59 percent.
Second highest rate of compromised backups
95 percent of educational institutions affected by ransomware last year reported that cybercriminals attempted to compromise their backups during the attack. Of these, 71 percent were successful, which is the second highest rate of successful backup compromises across all sectors after the energy, oil/gas and utilities sectors.
Further increase in data encryption rates
85 percent of ransomware attacks on lower education institutions and 77 percent on higher education institutions resulted in data encryption last year, up slightly from 81 percent and 73 percent respectively in the previous year. For educational institutions, this is the second year in a row in which the encryption rate has risen. Only state and local authorities were more likely to have their data encrypted in the event of an attack, at 98 percent.
Recovery costs explode
The average cost of remediating a ransomware attack in 2024 for organizations in the lower education sector was $3.76 million, more than twice as much as the previous year ($1.59 million). Higher education organizations reported an average cost of $4.02 million, almost four times as much as in 2023 ($1.06 million).
Use of backups is increasing, but unfortunately so is the willingness to pay ransoms
62 percent of respondents from the lower education sector paid the ransom to get encrypted data back, while 75 percent restored encrypted data using backups. 67 percent of higher education institutions paid the ransom to recover data, while 78 percent used backups. The three-year view of the education sector shows an increase in backup usage. In 2023, the higher education sector was among the top three sectors with the lowest backup usage globally, climbing to second place in 2024, alongside state and local government. Unfortunately, the willingness to pay the ransom has gradually increased over the last three years for both lower and higher education organizations.
Victims rarely pay the original ransom demanded
Only 13 percent of institutions affected by ransomware reported that the amount of their payment matched the original demand. 32 percent of respondents from the lower education sector and 20 percent of respondents from the higher education sector paid less than originally demanded; 55 percent of institutions from the lower education sector and 67 percent of higher education institutions paid more than originally demanded. Globally, higher education is the sector most likely to pay more than originally demanded by the extortionists.
Source: www.sophos.com