News & AnalysisNewsletterSecurity

Education Sector Now a Prime Target for Ransomware Attacks


The education sector has long been an attractive target for cyber-attackers. But in the last one year, as universities and schools are wrestling with a host of new technologies and teaching methods – including a variety of apps, portals, and remote teaching technologies – to support online or blended learning environments, they are facing new challenges and new risks.

A recent survey of education IT professionals by Sophos found that nearly half of all education institutions globally were targeted by ransomware in 2020, with 58% of those saying that cyber criminals succeeded in encrypting their data.

The report that surveyed nearly 500 IT decision makers said that nearly 44% of education organizations were hit with ransomware in 2020 compared to 37% across all other industries. Of those schools hit by ransomware, 58% said the attackers succeeded in encrypting their data. The rapid shift to distance learning may have accelerated an already growing trend, as the survey found nearly three quarters of IT professionals said their cybersecurity workload increased, even though most CIO/CISOs across sectors are reeling under pressure.

Education sector pays more ransomware

What’s noticeable is that the education sector is more likely to pay ransom than many others. Over a third of education institutions that had their data encrypted paid ransom to the hackers, good for the third highest level of ransom payment behind just energy and local government, the survey found.

“The average ransom paid by the education sector of about $112,400 is much lower than the global average of $170,400, but nearly 90% of organizations that paid a ransom didn’t get all their data back. On average, only 68% of the data was recovered,” it said.

Despite the lower-than-average ransom payments, the education sector faces the highest overall costs of recovering from a ransomware attack, Sophos’ report said. In addition to the ransom payment, the average cost of $2.73 million includes downtime, man hours, devices, network and lost opportunity. That’s 48% above the global average. With schools already operating on tight budgets, having to pay that huge amount could be devastating.

“The budgets for IT and cybersecurity can be very tight with stretched IT teams battling to protect what is often outdated and fragmented IT infrastructures supported by understaffed IT teams,” Chester Wisniewski, principal research scientist at Sophos said, pointing to limited tools and resources, coupled with risky end user behaviors, such as downloading pirated software adding to the woe.

“As a result, in the wake of an attack they are often forced to totally rebuild from the ground up, incurring major financial cost,” he says.

The Impact of Ransomware Attacks

An analysis of ransomware campaigns within higher education found that ransomware attacks against colleges and universities have more than doubled since the onset of the coronavirus pandemic and the impact of a ransomware attack can be devastating.

For example, a US university was the victim of a ransomware attack involving data within their school of medicine’s research department. After the university realized hackers had encrypted valuable research data, the school chose to pay the hackers $1.14 million in cryptocurrency in hopes that the hackers would provide a decryption key. Fortunately, the school reported that it received a key to restore access to the files and copies of the stolen documents.

Another top university in the UK recently suffered a ransomware attack that forced the school to shut down nearly all of its IT systems. The school was forced to delay the start of the next term while IT teams scrambled to investigate the attack and determine the effect on their systems.

Cybersecurity experts warn there is no guarantee that the data will be recovered, and paying the ransom encourages the hackers to repeat the attack. However, the impact of ransomware is not always just a monetary loss, as the disruption to a school’s term start will affect many other programs and schedules down the road.

“Ransomware can cripple an organization,” says Homayun Yakub, Senior Security Strategist Forcepoint in a discussion with CXOToday. He believes, it can quickly jeopardize the trust customers have placed in them-ultimately impacting their bottom line.

According to Yakub, “By not adopting a proactive stance, a targeted organization is forced into a zero sum or non-zero sum crypto-malware game by the attacker. As a first step to minimize attacks, educational organization should create a ransomware incident playbook applicable to your organization, practice it often and refine as appropriate.”

Educating your users to understand how to avoid succumbing to the lures and tricks of cyber criminals is the first thing every organization should do, including education sector. Next, adopt solid and proven backup procedures in order to restore data in the event of a crypto-malware incident, including offline backups. And finally, build a data loss prevention program across your organization so you gain visibility of where your data is and who is interacting with it, he believes.

Wisniewski too emphasizes that IT professionals in education should consider upgrading IT infrastructure, implement a patch management strategy, invest in stronger backup solutions, implement multi-factor authentication and purchase cyber insurance to help cut down on the cost of a successful attack.

Leave a Response

Sohini Bagchi
Sohini Bagchi is Editor at CXOToday, a published author and a storyteller. She can be reached at