Sophos has released the results of its annual report on the education sector, titled “The State of Ransomware in Education 2024,” revealing that, on average, primary education institutions paid ransoms of $6.6 million, while at higher education institutions the average was $4.4 million. Shockingly, 55% of primary schools and 67% of universities surveyed ended up paying more than the initial ransom demand.

Ransomware attacks have had a significant impact, with only 30% of victims at both educational levels able to fully recover in a week or less, down from the 33% and 40% recorded the previous year for primary and higher education, respectively.

“Unfortunately, schools, universities, and other educational institutions are targets that have a responsibility to municipalities, communities, and students themselves, which inherently creates high-pressure situations if they are affected and destabilized by ransomware. Educational institutions feel a responsibility to remain open and continue to provide services to their communities. These two factors could be contributing to victims feeling so much pressure to pay,” said Chester Wisniewski, director and Field CTO of Sophos.

How can the education sector protect itself?

The report also reveals that cybercriminals are increasing the pressure in ransomware attacks by compromising their victims’ backups in order to demand larger ransoms. 95% of the educational institutions surveyed reported attempts to sabotage their backups, and in 71% of those cases the attackers succeeded, significantly increasing recovery costs.

Although the rate of attacks has decreased compared to the previous year, data encryption and information theft have increased, affecting 85% of cases in primary education and 77% in higher education. Attackers are also using stolen data to further extort victims.

The study highlights that exploited vulnerabilities are the main entry point for cybercriminals, responsible for 44% and 42% of attacks in primary and higher education, respectively. To improve their cybersecurity, the education sector should adopt layered security approaches, such as anti-ransomware protection, managed detection and response (MDR) services, and advanced solutions that reduce the risk of attacks.

In addition, most educational institutions turned to law enforcement or government agencies following an attack, benefiting from advice and support in investigation and data recovery.