A Comprehensive Overview of Ransomware in the Field of Education in 2024

The State of Ransomware in Education 2024

Sophos' latest annual study of real-world ransomware experiences in educational institutions examines how the impact of ransomware has evolved over the past four years. It covers the full victim journey, from attack frequency and root causes to operational impact and business consequences.

This year's report also explores new areas of study for the education sector, including a comparison of ransom demands with ransom payments, and how often educational organizations seek help from law enforcement agencies to mitigate the impact of an attack.

Access the report for the complete findings.

Attack Rates Have Fallen, but Recovery Costs Have Surged

In the past year, ransomware hit 63% of primary education institutions and 66% of higher education institutions, a significant decrease from the 80% and 79% reported in 2023, respectively. Despite this decline, ransomware attack rates in education remain above the global cross-sector average of 59%.

Among educational institutions hit by ransomware in the past year, 95% said that cybercriminals attempted to compromise their backups during the attack. Of these, 71% said the attempts were successful, the second-highest rate of backup compromise across all industries, behind only the energy, oil/gas, and utilities sector.

Ransomware attacks resulted in data encryption in 85% of incidents at primary education organizations and 77% at higher education organizations, slightly above the rates recorded the previous year (81% and 73%, respectively). For primary education, this is the second consecutive year of rising encryption rates, and only state/local government organizations (98%) were more likely to have their data encrypted in an attack.

In 2024, the average recovery cost for primary education institutions hit by ransomware was $3.76M, more than double the $1.59M reported in 2023. Higher education institutions reported an average cost of $4.02M, nearly four times higher than the $1.06M reported in 2023.

Devices Impacted During a Ransomware Incident

On average, 52% of computers in primary education and 50% in higher education were impacted by a ransomware attack, slightly above the cross-sector average of 49%. Having the entire environment encrypted was extremely rare, with only 2% of primary education and 1% of higher education institutions reporting that 91% or more of their devices had been affected.

Heightened Inclination to Fulfill Ransom Demands

Among primary education organizations, 62% paid the ransom to recover encrypted data, while 75% restored data from backups. Similarly, 67% of higher education institutions paid the ransom to recover data, while 78% used backups.

Higher education institutions rank joint second, alongside state/local government organizations, in their use of backups for data recovery. They also rank second in their propensity to pay the ransom to recover encrypted data, with primary education organizations in third place.

Three-year trends in the education sector show a rise in backup use. In 2023, higher education was among the sectors with the lowest backup use globally; in 2024 it climbed to second place, alongside state/local government organizations. Unfortunately, the trend also shows a steady increase in the willingness to pay ransoms in both primary and higher education over the past three years.

One notable shift over the past year is the increased tendency of victims to use multiple methods to recover encrypted data, such as paying the ransom and using backups together. This time, 65% of primary education and 69% of higher education institutions that had data encrypted reported using more than one method, nearly three times the rates recorded in 2023 (23% for primary education and 22% for higher education).

Ransom Payments That Deviate From the Original Demand

The 99 primary education respondents and 92 higher education respondents whose organizations paid the ransom reported an average (median) payment of $6.6M and $4.4M, respectively, in the previous year.

Only 13% of ransomware victims in the education sector said that their payment matched the initial demand. 32% of primary education and 20% of higher education respondents paid less than the original demand, whereas 55% of primary education and 67% of higher education organizations ended up paying more. Globally, higher education is the sector most likely to pay more than the original ransom demand.

Access the full report for more insights into ransom payments and other areas.


About the Survey

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific. Of these, 600 respondents were from educational institutions: 300 from primary education (catering to students below 18 years) and 300 from higher education (for students over 18 years). All respondents represented organizations with between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and respondents were asked to answer based on their experiences over the preceding year.
