According to a small survey, the sector showed different trends between respondents in organizations of the lower and higher education levels …

In a survey of 400 IT/cybersecurity leaders in educational organizations with between 100 and 5,000 employees across 14 countries in the Americas, EMEA and the Asia Pacific region, the sector showed the highest rate of ransomware attacks among all sectors surveyed by the same entity in 2022.

Respondents from higher education (above 18 years) comprised 200, while the remainder were those in  lower education (up to 18 years): all were from either public or private sector education organizations.

In the data, 79% and 80% of respondents involved in higher education and lower education respectively, reported being hit by ransomware. Compared to similar 2021 data, this is an increase from 64% and 56% in 2021, respectively.

The education sector also showed one of the highest rates of ransom payment — by 56% of respondents in higher educational citing payment, and by 47% of those in the lower education levels.

Recovery costs (excluding any ransoms paid) for higher educational organizations that paid the ransom were US$1.31m, versus US$980,000 when using backups. For respondents from the lower-education organizations, the average recovery costs were US$2.18m when paying the ransom, versus US$1.37m  when not paying.

Other findings

    • 77% of ransomware attacks against higher educational organizations were attributable to exploits and compromised credentials; for attacks in the lower education levels, the two causes formed 65% of all ransomware attacks.
    • 73% of respondents in the higher education levels cited using data encryption for their backups (versus 74% in similar 2021 data) versus. For those in the lower education levels, 72% to 81% reported using encrypted backups.
    • 63% of respondents from higher education levels reported using backups — compared to the cross-sector average of 70%. For respondents in lower education, 73% cited using backups.
    • 79% of respondents from higher education that used backups cited recovering from a ransomware attack within a month, compared to 63% of those that paid ransoms. For respondents from the lower education levels that used backups, 63% cited recovering within a month, compared to 59% that paid the ransom.
    • 37% and 36% of respondents from the higher and lower education levels respectively cited compromised login credentials as the root cause of ransomware attacks, compared to the cross-sector average of 29%.

According to Chester Wisniewski, Field CTO, Sophos, which commissioned the survey: “While most schools are not cash-rich, they are very highly visible targets with immediate widespread impact in their communities. The pressure to keep the doors open likely (led) to pressure to solve the problem as quickly as possible without regard for cost. Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in (criminals’ victim selection).”

Wisniewski noted that the US federal government’s initiative to mandate all agencies use multifactor authentication sets a good example for schools of all sizes to “avoid many of these attacks from getting in the door.”