The latest Sophos report on ransomware in the worldwide educational sector highlights evolving trends and impacts over the past four years. The study delves into various aspects of ransomware attacks, from occurrence rates to operational and financial repercussions, emphasizing significant changes observed in 2024.
The report indicates major educational institutions are spending huge amounts as recovery cost in the wake of cyber security attacks.
Cyber security attacks on educational institutions
There are several examples of cyber security attacks on schools in the UK. For instance, the Billericay School in Essex disclosed that the names, addresses and medical notes of children may have been accessed by criminals during a cyber-attack, BBC said in a news report.
Brockington’s school librarian Elizabeth Elliott says she is now chasing more than 100 overdue books after losing access to her online records.
Embrace Multi-Academy Trust CEO Sharon Mullins says her schools are still feeling the effects of the cyber attack, which happened just before Easter.
In February 2023, the Los Angeles Unified School District (LAUSD) has faced a cyber security incident, showing the personal information of at least 2,000 students. The cyber security attack involved access to sensitive data, including names, addresses, social security numbers, and academic records.
In 2023, the Minneapolis Public School district revealed that there was a data breach and ransom attack affecting over 100,000 individuals. Hackers accessed information on names, addresses, social security numbers, state student numbers, and health insurance data.
Key Findings of the Sophos report
Decline in Attack Rates but Soaring Recovery Costs:
Ransomware attacks in educational sector have decreased, with 63 percent of lower education and 66 percent of higher education organizations hit in the past year, down from 80 percent and 79 percent respectively in 2023.
Recovery costs have surged in educational sector, with lower education institutions averaging $3.76 million, up from $1.59 million in 2023, and higher education institutions averaging $4.02 million, up from $1.06 million.
High Backup Compromise and Data Encryption Rates:
95 percent of attacked educational organizations reported attempts to compromise backups, with a 71 percent success rate.
Data encryption rates have increased in educational sector, affecting 85 percent of lower education and 77 percent of higher education institutions.
Extent of Device Impact:
Ransomware attacks impacted 52 percent of computers in lower education and 50 percent in higher education, slightly above the 49 percent cross-sector average.
Extensive encryption of entire environments remains rare, with only 2 percent of lower and 1 percent of higher education organizations experiencing 91 percent or more of their devices being impacted.
Ransom Payments and Backup Use:
62 percent of lower education institutions and 67 percent of higher education institutions paid ransoms to recover data.
Backup use in educational sector has increased, with 75 percent of lower education and 78 percent of higher education organizations restoring data from backups.
The trend shows a growing propensity to use both ransom payments and backups for data recovery.
Ransom Payment Trends:
The average ransom payment in lower education was $6.6M, while higher education averaged $4.4M.
Most payments did not match the initial ransom demand, with 55 percent of lower education and 67 percent of higher education organizations paying more than the original demand.
Survey Methodology
The report is based on a survey conducted by Vanson Bourne, involving 5,000 IT/cybersecurity leaders from 14 countries, including 600 from educational organizations. The survey, conducted between January and February 2024, covered organizations with 100 to 5,000 employees and captured their experiences over the past year.
Conclusion
Sophos’ 2024 report provides valuable insights into the ransomware landscape in the educational sector, revealing a decline in attack rates but a significant increase in recovery costs. The study underscores the importance of robust cybersecurity measures and the critical role of backups in mitigating ransomware impacts.
