Why educational institutions paid more ransomware recovery cost in the last year – Sophos

Ejike Kanife
Ransomware attackers have upped the ante when it comes to getting paid
Ransomware attacks against healthcare companies hit 4-year high - Sophos report

Ransomware attacks are not limited to businesses and organisations alone as educational institutions have also been engaged in a cyber fight for their literal lives. According to a new report by Sophos, a global leader in innovative security solutions that defeat cyberattacks, educational institutions have paid way more to salvage themselves from ransomware attacks over the last year.

This was revealed in its annual sector survey report, “The State of Ransomware in Education 2024.” According to the report, the median ransom payment was $6.6 million for lower education and $4.4 million for higher education organizations.

In addition, the survey states that 55 per cent of lower education respondents and 67 per cent of higher education respondents paid more than was initially demanded by the attackers.

Ransomware attacks are causing more of a strain as only 30 per cent of ransomware victims surveyed in both lower and higher education were able to fully recover in a week or less. This was down from last year’s numbers of 33 per cent for lower education and 40 per cent for higher education.

The report noted that the slowing recovery rate is likely due to education organizations operating with limited teams and resources, making it harder for them to coordinate recovery efforts.

Ransomware: Why educational institutions paid more recovery costs in the last year

Director, Field CTO of Sophos, Chester Wisniewski, explained that there are two possible reasons why these educational institutions feel so much pressure to pay these ransoms.

Unfortunately, schools, universities and other educational institutions are targets that are beholden to municipalities, communities and the students themselves, which inherently creates high-pressure situations if they are hit and destabilized by ransomware. Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay,” he said

Ransomware attackers compromise backups during attack

According to the report, in their sophistication, cybercriminals are taking a step further to also try to compromise the backup which their victims have in place. According to the report, 95 per cent of respondents said that cybercriminals tried to compromise their backups during the attack, with 71 per cent being successful. This represents the second-highest backup compromise rate across all industry sectors.

Having backups compromised also considerably increases recovery costs, with the total bill coming in five times higher in lower education and four times higher in higher education.

We also know that ransomware attackers have upped the ante when it comes to getting paid. Compromising their victims’ backups is now a mainstream element of ransomware attacks, giving adversaries the opportunity to subsequently increase the ransom demand when it is clear that the data cannot be recovered without the decryption key,” Chester Wisniewski said.

Despite difficult dealings with ransomware, the overall attack rate dropped over the last year. 63 per cent of lower education organizations and 66 per cent of higher education organizations were hit by ransomware attacks. This was down from 80 per cent and 79 per cent respectively. 

At the same time, the rate of data encryption has increased slightly, with 85 per cent of attacks on lower education and 77 per cent of attacks on higher education organizations resulting in data encryption. This was slightly up from the 81 per cent and 73 per cent reported in the 2023 survey.

Unfortunately, cybercriminals are not only encrypting data, they are also stealing it, using it as leverage to further monetize the attack. 32 per cent of lower education organizations that had data encrypted said the data was also stolen, together with 18 per cent in higher education.

The survey reveals that exploited vulnerabilities were the leading root cause of attacks in education, providing cybercriminals with a way into the network for 44 per cent of lower education and 42 per cent of higher education ransomware attacks.

How educational institutions can better protect themselves

Based on this Sophos survey data, schools and other educational organizations could benefit from a layered security approach that includes vulnerability scanning and patching prioritization guidance to reduce their attack surface, and endpoint protection with anti-ransomware capabilities that automatically detect and stop attacks.

They can also benefit from 24/7 human-led managed detection and response (MDR) services to neutralize advanced human-led attacks, ideally leveraging telemetry from backup solutions to detect and stop adversaries before they can cause damage.

While there appears to be some positive progress towards combatting ransomware in the education sector, it’s concerning that the rate of data encryption continues to increase year after year, which suggests educational organizations need to continue working towards improving their ransomware resilience. With stretched resources and limited budgets, education organizations need to focus on the controls that will have the greatest impact,” Wisniewski said.

He noted that with the median ransomware recovery cost for education now hitting $3 million, it is clear that investing in strong prevention and protection solutions can considerably reduce the overall financial impact of cyber on educational organizations,

Sophos Group Silicon Valley Office
Santa Clara, CA, USA – Feb 26, 2020: British cybersecurity software and hardware company Sophos Group plc’s Silicon Valley office in Santa Clara, California.

Sophos’ report this year went further to incorporate new areas of study. One of them is the insight into the role of law enforcement in ransomware remediation for education providers. Per the report, 99 per cent of lower education and 98 per cent of higher education organizations engaged with law enforcement and/or official government bodies following a ransomware attack.

As a result, 64 per cent of lower education organizations and 66 per cent of higher education organizations benefitted from advice about dealing with the attack. 61 per cent of lower and higher education organizations received help and support investigating the attack, and nearly 49 per cent of lower education organizations and 48 per cent of higher education organizations sought law enforcement’s help recovering data encrypted in the attack.

Data for the State of Ransomware in Education 2024 report comes from a vendor-agnostic survey of 600 cybersecurity/IT leaders working in the education sector conducted between January and February 2024. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. All respondents represent organizations with between 100 and 5,000 employees.

Latest news: Microsoft to lay off 650 Xbox support staff as it looks to rein in costs amid market slowdown


Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!