Sophos Survey: Education Sector’s Ransomware Recovery Costs and Trends
The education sector is facing a rising tide of ransomware attacks, with recovery costs skyrocketing despite a decrease in overall attacks, according to the latest report from Sophos.
The report, titled The State of Ransomware in Education 2024, reveals that the median ransom payment for lower education organizations was US$6.6 million, while higher education organizations paid an average of US$4.4 million. Shockingly, 55% of lower education respondents and 67% of higher education respondents paid more than the initial ransom demand.
However, the recovery process is becoming increasingly challenging, with only 30% of ransomware victims in education fully recovering in a week or less. This decline in recovery rates is attributed to the limited resources and teams available to coordinate efforts within educational institutions.
Chester Wisniewski, Director, Field CTO at Sophos, highlighted the pressure faced by educational institutions when targeted by ransomware. He explained that attackers are increasingly compromising backups, making it harder for victims to recover data without paying a hefty ransom.
While the overall rate of ransomware attacks has decreased in the education sector, the rate of data encryption is on the rise. This means cybercriminals are not only encrypting data but also stealing it to leverage further monetary gains. Exploited vulnerabilities were found to be the leading cause of attacks in education.
To combat ransomware, Sophos recommends a layered security approach, including vulnerability scanning, endpoint protection with anti-ransomware capabilities, and 24/7 managed detection and response services.
The report also sheds light on the role of law enforcement in ransomware remediation for educational institutions, with most organizations engaging with authorities following an attack. Investing in robust prevention and protection solutions is crucial to reducing the financial impact of cyber threats on educational organizations.