Ransomware Attacks on Education Sector Decline in 2024, But Risks Remain High
Global ransomware attacks on the education sector fell from 188 in 2023 to 116 in 2024, according to a recent report by cybersecurity firm Comparitech. Despite this decline—the only sector among four analyzed to see a drop—1.8 million records were still compromised in 2024, with an average ransom demand of $847,000.
While the overall number of confirmed ransomware incidents across industries decreased, Comparitech cautions that 2024 figures may rise as delayed reporting is common. Tracking remains challenging, particularly in education, where many institutions do not disclose attacks. U.S. K-12 schools, however, have seen a sharp increase in incidents, with attacks surging 393% between 2016 and 2022. From November 2022 to October 2024, 85 additional ransomware attacks on K-12 public schools were reported by the nonprofit K12 Security Information eXchange (K12 SIX).
A lack of nationwide reporting standards complicates efforts to assess the full scope of attacks. A forthcoming federal rule aims to mandate cyber incident reporting for education and other sectors, though details on how the Cybersecurity and Infrastructure Security Agency (CISA) will handle and share the data remain unclear.
Comparitech’s analysis, based on confirmed attacks where organizations publicly acknowledged breaches, identified 5,461 global ransomware incidents in which threat actors claimed responsibility. Notable 2024 attacks on U.S. schools included:
- Alabama State Department of Education (June 17): Hackers breached some data before being stopped, with officials refusing to negotiate.
- Granite School District (Utah): Faced a $1.5 million ransom demand.
- Shenango Area School District (Pennsylvania): Targeted with a $1.3 million ransom.
- Additional confirmed attacks hit schools in Arizona, South Carolina, Texas, Nebraska, and Georgia, though it remains unclear whether any districts paid ransoms.
Schools are frequent targets due to limited cybersecurity funding and the sensitive student and staff data they hold. To address these vulnerabilities, the Federal Communications Commission (FCC) launched a $200 million pilot program to help schools and libraries cover cybersecurity costs. However, demand far outstripped available funds, with applications totaling $3.7 billion.
Source: https://www.k12dive.com/news/education-ransomware-attacks-2024-comparitech/736854/
Alabama State Department of Education cybersecurity rating report: https://www.rankiteo.com/company/alabama-department-of-education
"id": "ALA1765598977",
"linkid": "alabama-department-of-education",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'education',
'location': 'Alabama, USA',
'name': 'Alabama State Department of Education',
'type': 'government education department'},
{'industry': 'education',
'location': 'Utah, USA',
'name': 'Granite School District',
'type': 'school district'},
{'industry': 'education',
'location': 'Pennsylvania, USA',
'name': 'Shenango Area School District',
'type': 'school district'},
{'industry': 'education',
'location': 'Arizona, USA',
'name': 'Tri-City College Prep High School',
'type': 'high school'},
{'industry': 'education',
'location': 'South Carolina, USA',
'name': 'Charleston County School District',
'type': 'school district'},
{'industry': 'education',
'location': 'Texas, USA',
'name': 'Abilene Independent School District',
'type': 'school district'},
{'industry': 'education',
'location': 'Nebraska, USA',
'name': 'Winnebago Public Schools',
'type': 'school district'},
{'industry': 'education',
'location': 'Georgia, USA',
'name': 'Effingham County Schools',
'type': 'school district'}],
'data_breach': {'number_of_records_exposed': '1.8 million',
'personally_identifiable_information': 'yes',
'sensitivity_of_data': 'high',
'type_of_data_compromised': 'sensitive student and staff '
'information'},
'date_publicly_disclosed': '2024',
'description': 'Globally, the number of confirmed ransomware attacks '
'targeting the education sector dropped from 188 in 2023 to '
'116 in 2024. However, 1.8 million records were affected, with '
'an average ransom demand of $847,000. Multiple school '
'districts and educational institutions were targeted, '
'including the Alabama State Department of Education, Granite '
'School District, Shenango Area School District, Tri-City '
'College Prep High School, Charleston County School District, '
'Abilene Independent School District, Winnebago Public '
'Schools, and Effingham County Schools.',
'impact': {'data_compromised': '1.8 million records',
'identity_theft_risk': 'high (sensitive student and staff '
'information)'},
'investigation_status': 'ongoing (some incidents confirmed, others not '
'disclosed)',
'lessons_learned': 'Educational institutions are viewed as vulnerable and '
'lucrative targets due to limited cybersecurity funding '
'and sensitive data. Nationwide reporting standards are '
'lacking, and federal support is needed.',
'motivation': 'financial gain, exploitation of vulnerable systems',
'post_incident_analysis': {'corrective_actions': 'federal funding initiatives '
'(e.g., FCC pilot program), '
'improved incident reporting '
'standards',
'root_causes': 'lack of dedicated cybersecurity '
'funding, vulnerable systems, '
'sensitive data as a target'},
'ransomware': {'data_exfiltration': 'some data infiltrated (Alabama State '
'Department of Education)',
'ransom_demanded': ['$847,000 (average)',
'$1.5 million (Granite School District)',
'$1.3 million (Shenango Area School '
'District)',
'$100,000 (Tri-City College Prep High '
'School)']},
'recommendations': 'Implement stronger cybersecurity measures, leverage '
"federal funding programs (e.g., FCC's $200 million pilot "
'program), and establish standardized incident reporting.',
'references': [{'date_accessed': '2024', 'source': 'Comparitech'},
{'date_accessed': '2024',
'source': 'K12 Security Information eXchange (K12 SIX)'}],
'regulatory_compliance': {'regulatory_notifications': 'federal rule being '
'finalized for '
'mandatory reporting'},
'response': {'containment_measures': 'thwarted hackers from accessing all '
'targeted servers (Alabama State '
'Department of Education)',
'law_enforcement_notified': 'FBI involved (Alabama State '
'Department of Education)'},
'title': 'Global Ransomware Attacks on Education Sector (2024)',
'type': 'ransomware'}