Sophos’ latest annual research into real-world ransomware attacks on educational institutions reveals a significant escalation in the malware’s impact over the past four years. The revised text:
This comprehensive approach prioritizes the entire victim’s experience, encompassing the initial assault charge, identifying the underlying trauma triggers, and ultimately yielding measurable organisational impact and strategic results.
Over the past year’s report delves into emerging research fronts within the industry, alongside a comprehensive examination of ransomware threats versus Funds extorted through ransomware attacks are typically used for financial gain by criminal organizations. In contrast, educational institutions often seek assistance from law enforcement agencies to mitigate the impact of these cybercrimes.
to get the total findings.
Although assault charges have decreased, the cost of restoration has more than quadrupled.
According to recent statistics, a significant decline has been observed in the number of educational institutions affected by ransomware attacks: 63% of primary schooling organizations and 66% of upper schooling organizations have fallen victim to these cybercrimes within the past year, representing a notable decrease from the 80% and 79% rates reported in 2023, respectively. Despite this, rates of assault charges in education remain higher than the global cross-sector average of 59%.
In the past year, nearly 95% of educational institutions targeted by ransomware attacks revealed that hackers attempted to breach their backup systems during the attack. While a significant proportion of companies in this industry have demonstrated profitability, specifically 71%, it’s essential to note that this figure ranks as the second-highest rate of successful businesses across all sectors, only surpassed by another sector.
According to recent data, a significant majority of ransomware attacks on both decrease (85%) and higher education institutions (77%) led to encrypted data over the past year, representing an increase from the previous year’s figures of 81% and 73%, respectively. As data breaches increase, so does the need for secure schooling, marking the second year of a surge in encryption rates, with nearly all (98%) attacks now involving encrypted information.
According to estimates, the average cost of recovery for education institutions hit by ransomware attacks in 2024 is projected to reach $3.76 million, a significant increase from the $1.59 million recorded in 2023. Schooling organizations reported an average cost of approximately $4.02 million, nearly four times higher than the $1.06 million figure from 2023.
The following units were affected by the ransomware attack: Manufacturing, Finance, and HR.
In education, 52% of computer systems in lower schools and 50% in higher schools fall victim to ransomware attacks, marginally surpassing the overall sector average of 49%. It’s extremely rare for a setting to be fully encrypted. Only approximately 2% of elementary education institutions and a mere 1% of secondary education institutions indicated that more than 90% of their devices were affected.
The willingness to pay ransoms has increased significantly.
While 38% of institutions faced a significant decline in student enrollment following a cybersecurity incident, only 25% were able to recover their data without paying a ransom, with 50% resorting to using backups to restore their encrypted information. Concurrently, 67% of higher education institutions paid the ransomware demand to recover data, while 78% leveraged backup systems.
Organizations and educational institutions reported a high propensity to utilize backups as a means of restoring knowledge, ranking second only behind individual learners in this regard. Accordingly, it also stands as the second-highest entity prone to paying a ransom to restore encrypted data, with lower education institutions ranking third in this regard?
By 2024, educational institutions are expected to witness an upward trend in reliance on backup systems. In 2023, education emerged as one of the top three sectors globally for data backup use, rising to a close second position in 2024. The trend of paying ransoms has seen a significant surge over the past three years, with an alarming rise in instances across educational institutions of increasing sophistication.
Over the past year, there has been a significant shift in the tactics employed by victims to recover from encrypted data breaches. Notably, more individuals are opting to pay ransoms and utilize backup systems to regain control of their compromised data. A whopping 65% drop in lower schooling and 69% in upper schooling establishments revealed widespread encryption use, a staggering threefold increase from 2023’s figures of 23% in lower education and 22% in higher education institutions.
Mostly, victims do not initially comply with the initial ransom demand.
Among 99 respondents from lower education and 92 from higher education, those whose organisations paid the ransom shared the exact amount paid, showing a median payment of $6.6 million last year for those from lower education backgrounds. The median tuition fee for top-tier education programs? A staggering $4.4 million.
Only 13% of students reported that their tuition fees met the original request. A significant proportion of respondents from both decrease and upper schooling organizations – 32% and 20%, respectively – experienced a shortfall in meeting their unique demands. In contrast, a larger percentage of these organizations, 55% and 67%, respectively, reported exceeding their demand expectations. Worldwide, education surpasses its own demand in terms of supply.
To gain additional insights into ransom payments and explore a wide range of related topics.
In regards to the survey
A comprehensive report is based on the impartial and vendor-independent insights gathered from a global survey of 5,000 IT and cybersecurity professionals across 14 countries in the Americas, Europe, the Middle East, Africa, and Asia-Pacific regions. Six hundred participants were recruited from various educational institutions, comprising 300 individuals from lower education settings, focusing on students up to 18 years old, and 300 individuals from higher education settings, catering to students older than 18 years. Respondents universally describe entities employing between 100 and 5,000 personnel. The survey, conducted by analysis specialist Vanson Bourne from January to February 2024, invited respondents to share their insights primarily based on their experiences over the preceding 12 months.
