Sophos has released a new sectoral survey report, The State of Ransomware in Education 2023, which found that education reported the highest rate of ransomware attacks in 2022.
Over the past year, 79% of higher educational organizations surveyed reported being hit by ransomware, while 80% of lower educational organizations surveyed were targeted—an increase from 64% and 56% in 2021, respectively.
The sector reported one of the highest rates of ransom payment with more than half (56%) of higher educational organizations paying and nearly half (47%) of lower educational organizations paying the ransom.
However, paying the ransom significantly increased recovery costs for both higher and lower educational organizations.
Recovery costs (excluding any ransoms paid) for higher educational organizations that paid the ransom were $1.31 million when paying the ransom versus $980,000 when using backups.
Commenting on this, Chester Wisniewski, field CTO, Sophos, said “While most schools are not cash-rich, they are very highly visible targets with immediate widespread impact in their communities. The pressure to keep the doors open and respond to calls from parents to ‘do something’ likely leads to pressure to solve the problem as quickly as possible without regard for cost. Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals.”
You can read the full report here.