Sophos and Vanson Bourne: The State of Ransomware in Education 2024

Ransomware in Education: Declining Attack Rates Mask Rising Costs and Recovery Challenges

Sophos’ latest annual report on ransomware in the education sector reveals a complex landscape, where declining attack rates contrast with soaring recovery costs and evolving attacker tactics. The study, based on a survey of 600 IT and cybersecurity leaders in lower and higher education across 14 countries, examines trends from 2023 and highlights critical shifts in the sector’s response to ransomware.

Attack Rates Drop, But Risks Remain High
While ransomware attacks on educational institutions have decreased 63% of lower education and 66% of higher education organizations were hit in the past year, down from 80% and 79% in 2023 the sector still faces a higher attack rate than the global cross-sector average of 59%. Despite the decline, attackers are increasingly targeting backups, with 95% of affected organizations reporting attempts to compromise them. Of those, 71% saw their backups successfully breached, the second-highest rate across all sectors.

Data encryption remains a persistent threat, affecting 85% of lower education and 77% of higher education victims in 2023 slightly higher than the previous year. Lower education’s encryption rate has risen for the second consecutive year, second only to state and local government organizations (98%).

Recovery Costs Skyrocket
The financial toll of ransomware has surged dramatically. Lower education organizations reported an average recovery cost of $3.76 million in 2024, more than double the $1.59 million in 2023. Higher education saw an even steeper increase, with costs rising nearly fourfold to $4.02 million from $1.06 million the prior year. On average, 52% of computers in lower education and 50% in higher education were impacted per attack, slightly above the cross-sector average of 49%.

Ransom Payments and Backup Reliance Climb
The propensity to pay ransoms has grown, with 62% of lower education and 67% of higher education organizations opting to pay in 2023 up from previous years. However, backups remain a critical recovery tool, used by 75% of lower education and 78% of higher education victims. Higher education’s reliance on backups has improved significantly, jumping from near the bottom globally in 2023 to second place in 2024, tied with state and local government.

A notable shift is the rise in hybrid recovery strategies: 65% of lower education and 69% of higher education victims used multiple methods (e.g., paying the ransom and restoring from backups) in 2023, nearly triple the rates from the previous year.

Ransom Demands vs. Payments: A Disparity
When organizations paid ransoms, the sums often diverged from initial demands. The median payment for lower education was $6.6 million, while higher education paid $4.4 million. Only 13% of victims paid the exact amount requested. Lower education organizations were more likely to pay less (32%) than the demand, while higher education was the most likely sector globally to pay more (67%).

The report underscores the education sector’s growing vulnerability to ransomware, where improved backup strategies coexist with rising costs and increasingly aggressive attacker tactics. The findings are based on a survey conducted by Vanson Bourne between January and February 2024, covering organizations with 100 to 5,000 employees.

Source: https://www.sophos.com/en-us/blog/the-state-of-ransomware-in-education-2024

Sophos cybersecurity rating report: https://www.rankiteo.com/company/sophos

Vanson Bourne cybersecurity rating report: https://www.rankiteo.com/company/vanson-bourne

"id": "SOPVAN1777508803",
"linkid": "sophos, vanson-bourne",
"type": "Ransomware",
"date": "1/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Education',
                        'location': '14 countries',
                        'size': '100 to 5,000 employees',
                        'type': 'Lower education organizations'},
                       {'industry': 'Education',
                        'location': '14 countries',
                        'size': '100 to 5,000 employees',
                        'type': 'Higher education organizations'}],
 'data_breach': {'data_encryption': '85% lower education, 77% higher education',
                 'type_of_data_compromised': 'Encrypted data'},
 'date_publicly_disclosed': '2024',
 'description': 'Sophos’ latest annual report on ransomware in the education '
                'sector reveals a complex landscape, where declining attack '
                'rates contrast with soaring recovery costs and evolving '
                'attacker tactics. The study examines trends from 2023 and '
                'highlights critical shifts in the sector’s response to '
                'ransomware.',
 'impact': {'data_compromised': 'Data encryption (85% lower education, 77% '
                                'higher education)',
            'financial_loss': {'higher_education': '$4.02 million (2024 '
                                                   'average recovery cost)',
                               'lower_education': '$3.76 million (2024 average '
                                                  'recovery cost)'},
            'systems_affected': {'higher_education': '50% of computers '
                                                     'impacted per attack',
                                 'lower_education': '52% of computers impacted '
                                                    'per attack'}},
 'lessons_learned': 'Improved backup strategies coexist with rising costs and '
                    'increasingly aggressive attacker tactics targeting '
                    'backups.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Improved backup strategies '
                                                  'and hybrid recovery methods',
                            'root_causes': 'Attackers increasingly targeting '
                                           'backups (95% of affected '
                                           'organizations reported attempts, '
                                           '71% saw backups breached)'},
 'ransomware': {'data_encryption': '85% lower education, 77% higher education',
                'ransom_demanded': {'higher_education': '$4.4 million (median '
                                                        'payment)',
                                    'lower_education': '$6.6 million (median '
                                                       'payment)'},
                'ransom_paid': {'higher_education': '67% paid',
                                'lower_education': '62% paid'}},
 'references': [{'date_accessed': '2024',
                 'source': 'Sophos Annual Report on Ransomware in Education'},
                {'date_accessed': 'January-February 2024',
                 'source': 'Vanson Bourne Survey'}],
 'response': {'recovery_measures': 'Hybrid recovery strategies (65% lower '
                                   'education, 69% higher education)',
              'remediation_measures': 'Backup restoration (75% lower '
                                      'education, 78% higher education)'},
 'title': 'Ransomware in Education: Declining Attack Rates Mask Rising Costs '
          'and Recovery Challenges',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Backup compromise'}

Sophos and Vanson Bourne: The State of Ransomware in Education 2024

Ben-Gurion University: ODINI Malware Uses CPU Magnetic Emissions to Breach Faraday-Shielded Air-Gapped Computers

OCAD University, UBC and SFU: Cyberattack hits universities around the world including Canada

McHenry County College, Instructure, Inc. and Woodstock School District 200: Canvas cyberattack hits McHenry County school districts