Most educational organizations paid more than the initial ransom, Sophos Survey
The average ransom paid by educational institutions is $6.6 million for primary education institutions and $4.4 million for higher education institutions. This is according to “The State of Ransomware in Education 2024” survey by cybersecurity company Sophos.
In addition, the survey showed that 55% of lower education respondents and 67% of higher education respondents paid more than they initially declared.
Ransomware attacks cause even more distress, as only 30% of lower and higher education ransomware victims surveyed were able to fully recover in a week or less. Last year, this was 33% (low education) and 40% (high education). The slower recovery may be due to the limited teams and resources of educational organizations, which makes it more difficult for them to coordinate recovery efforts.
“Unfortunately, schools, universities and other educational institutions are targets that are beholden to municipalities, communities and the students themselves, which inherently creates high pressure situations if they are hit and destabilized by ransomware. Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay,” said Chester Wisniewski, director, field CTO, Sophos.
“We also know that ransomware attackers have upped the ante when it comes to getting paid. Compromising their victims’ backups is now a mainstream element of ransomware attacks, giving adversaries the opportunity to subsequently increase the ransom demand when it is clear that the data cannot be recovered without the decryption key.”
In fact, 95% of respondents said that cybercriminals tried to destroy their backups during the attack, with a 71% success rate, the second-highest backup destruction rate of all industries. Compromised backups can also significantly increase recovery costs. The total cost was five times higher in the lower education sector and four times higher in the higher education sector. Despite the difficulty of dealing with ransomware, overall attack rates are down from last year. 63% of higher education organizations and 66% of higher education organizations were impacted by a ransomware attack, down from 80% and 79%, respectively. Meanwhile, data encryption rates rose slightly: 85% of attacks on lower education organizations and 77% of attacks on higher education organizations resulted in data encryption, up slightly from 81% and 73%, respectively, in 2019. The survey is reported in 2023. Unfortunately, cybercriminals not only encrypt data, they steal it and use it as leverage to further monetize their attacks. 22% of higher education organizations whose data was encrypted said it was also stolen, and 18% of higher education organizations also said it was stolen.
Exploited vulnerabilities were the primary cause of attacks in the education sector, providing cybercriminals with a way into the network in 44% of ransomware attacks in lower education and 42% in higher education, according to the survey. According to data from the Sophos survey, schools and other educational institutions can benefit from a layered security approach that includes vulnerability scanning and prioritized patch guidance to reduce the attack surface, endpoint protection with anti-ransomware capabilities to automatically detect and block attacks, managed detection and response (MDR) services that include human-led attacks to neutralize advanced human-led attacks, and ideally leverage telemetry from backup solutions to detect and block attackers before they can cause damage.
“While the education sector appears to be making some positive progress in the fight against ransomware, the worrying increase in data encryption rates year over year indicates that educational institutions need to continue working to improve their resilience against ransomware. With scarce resources and limited budgets, educational institutions must focus on the actions that will have the highest impact. “The average cost to recover from a ransomware attack in the education sector is currently $3 million. Therefore, it is clear that investing in a strong prevention and protection solution can significantly reduce the overall financial impact of a cyberattack on educational institutions,” said Wisniewski.
Sophos report this year incorporates new areas of study: insight into the role of law enforcement in ransomware remediation for education providers. Ninety-nine percent of lower education and 98% of higher education organizations engaged with law enforcement and/or official government bodies following a ransomware attack. As a result, 64% of lower education organizations and 66% of higher education organizations benefitted from advice about dealing with the attack. Sixty-one percent of lower and higher education organizations received help and support investigating the attack, and nearly 49% of lower education organizations and 48% of higher education organizations sought law enforcement’s help recovering data encrypted in the attack.
Data for the Sophos State of Ransomware in Education 2024 report comes from a vendor-agnostic survey of 600 cybersecurity/IT leaders working in the education sector conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. All respondents represent organizations with between 100 and 5,000 employees.
Follow us on Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke