Alarming rise in ransomware attacks on education: Sophos

Leading cybersecurity firm Sophos has shed light on the alarming increase in ransomware attacks targeting the education sector.
Sophos report on recovery cost in educationThe report titled The State of Ransomware in Education 2023, based on a survey of 400 IT / cybersecurity professionals across 14 countries, unveils the real-world experiences of educational institutions in the face of cyber threats.

Spike in Attacks and Data Encryption

The survey findings revealed a stark rise in ransomware attacks on educational institutions. The education sector reported the highest rates of ransomware attacks among all industries surveyed. An alarming 80 percent of lower education providers and 79 percent of higher education providers reported falling victim to ransomware attacks in 2023. This represents a significant surge from the previous year, with rates more than doubling since 2021, when only 44 percent of education providers faced such attacks.

Additionally, data encryption in the education sector has seen a steady increase. Lower education providers reported an 81 percent rate of data encryption, while higher education institutions reported a rate of 73 percent, remaining consistent with the previous year.

“Double Dip” Method and Data Recovery

One worrying trend is the increasing prevalence of the “double dip” method, where cybercriminals not only encrypt the data but also steal it for potential data exfiltration. Of the lower education organizations that experienced data encryption, 27 percent reported that their data was also stolen. In higher education, this figure rose to 35 percent, indicating a growing adoption of this malicious tactic.
Sophos report on ransomware in education sector 2023The ability to recover encrypted data is crucial for organizations facing ransomware attacks. Fortunately, all higher education institutions and 99 percent of lower education organizations were successful in recovering their data. Notably, the recovery rate for the education sector surpasses the cross-sector average, indicating a degree of resilience in the face of such threats.

Root Causes of Attacks

The report also identified the root causes behind the ransomware attacks. For lower education, compromised credentials (36 percent) and exploited vulnerabilities (29 percent) emerged as the top two most common triggers for significant ransomware incidents. Emails, including malicious emails and phishing attempts, played a pivotal role, acting as the starting points for nearly one-third (30 percent) of attacks.

In higher education, exploited vulnerabilities (40 percent) were the most prevalent root cause, closely followed by compromised credentials (37 percent). Together, these two factors accounted for a staggering 77 percent of ransomware attacks on higher education institutions. Email-based attacks, although less common, still contributed to nearly one in five (19 percent) ransomware incidents.

Propensity to Pay Ransom and Recovery Costs

When it comes to dealing with ransomware attacks, data recovery methods and payment trends were analyzed. In lower education, 73 percent of organizations relied on backups for data recovery, while almost half (47 percent) chose to pay the ransom to regain access to their data. The percentage of higher education institutions using backups for data recovery stood at 63 percent, highlighting room for improvement in this aspect. Moreover, the report revealed that 56 percent of higher education institutions resorted to paying the ransom, which is a concerning practice.

Despite the increasing prevalence of ransomware attacks, the costs of recovery in lower education remained stable over the year, with organizations spending an average of $1.59 million in 2023, compared to $1.58 million in the previous year. In contrast, higher education institutions demonstrated significant progress, reducing their recovery costs from $1.42 million in 2022 to just over $1 million in 2023. This suggests that higher education organizations have become more adept at recovering from attacks while keeping expenses in check.

The “State of Ransomware in Education 2023” report serves as a stark warning for the education sector to bolster its cybersecurity defenses and stay vigilant against the ever-evolving threat landscape. As cybercriminals continue to target educational institutions, adopting robust security measures and implementing best practices for data protection are imperative to safeguard sensitive information and academic operations.