Sophos Report: The State of Ransomware in Education 2024

Sophos, a leading cybersecurity company, has recently released its annual sector survey report titled “The State of Ransomware in Education 2024.” The report sheds light on the alarming trend of ransomware attacks targeting educational institutions and the significant financial impact they have had.

According to the findings, the median ransom payment for lower education organisations was $6.6 million, while higher education organisations paid a median ransom of $4.4 million. What is even more concerning is that a majority of respondents in both sectors ended up paying more than the initial demand, with 55% of lower education and 67% of higher education organisations exceeding the ransom amount.

The report also highlights the challenges faced by educational institutions in recovering from ransomware attacks. Only 30% of victims were able to fully recover in a week or less, a decrease from the previous year. This slowdown in recovery is attributed to limited resources and coordination efforts within these organisations.

Chester Wisniewski, director and field CTO at Sophos, emphasized the pressure felt by educational institutions to remain operational and provide services to their communities, which may explain why victims feel compelled to pay the ransom. Wisniewski also pointed out that ransomware attackers have become more sophisticated, compromising victims’ backups to increase ransom demands.

Despite a slight decrease in the overall attack rate, the report reveals an increase in data encryption by cybercriminals, with a significant number of organisations experiencing data theft as well. Exploited vulnerabilities were identified as the leading cause of ransomware attacks in education, highlighting the need for a layered security approach to mitigate risks.

The report also delves into the role of law enforcement in ransomware remediation for education providers, with a high percentage of organisations seeking assistance and advice following an attack. The data for the report was gathered from a survey of 600 cybersecurity/IT leaders in the education sector, underscoring the widespread impact of ransomware on educational institutions worldwide.

As the ransomware threat continues to evolve, educational organisations are urged to invest in robust prevention and protection solutions to safeguard against future attacks and minimize financial losses. The findings of the report serve as a stark reminder of the importance of cybersecurity measures in the education sector.