A new report from Sophos found that ransomware attacks against the education sector hit an all-time high in 2020.

The report, released earlier this month, found that 44 percent of institutions were hit with a ransomware attack. In more than half of those cases (58 percent), attackers succeeded in encrypting the victimized organizations’ data.

A third of organizations that didn’t face an attack last year expect to be attacked in the future. Despite the increasing rate of attacks, 22 percent of organizations that weren’t attacked said they don’t expect to be hit in the future.

Paying the Ransom Doesn’t Always Mean an Easy Recovery

In response to successful attacks, 35 percent of education organizations that had their data encrypted paid the ransom. Sophos said that across all industries, education has the third-highest rate of ransom payment, with only the energy, oil/gas and utilities, and local government sectors more likely to pay.

Education organizations are already facing shrinking budgets, especially with increased spending due to the pandemic. The average ransom payment of $112,435 further tightens the financial belt of organizations that faced a successful ransomware attack. While many paid the ransom, that did not always mean they regained control of their data. On average, only 68 percent of the data was recovered after paying the ransom, leaving almost a third inaccessible, while just 11 percent of those that paid got all their encrypted data back.

Education Sector Struggles With Outdated Technology

The cost of a ransomware attack isn’t limited to the ransom payment. The report found that the education sector faced the highest overall bill to recover from a ransomware attack of all industries surveyed. The survey took into account downtime, people time, device cost, network cost, lost opportunity, and ransom paid, among other measures. Sophos said the total cost was, on average, $2.73 million.

Compared to other global industries, the total attack-recovery cost for the education sector is 28 percent higher. Sophos attributed the increased cost to education organizations frequently relying on outdated and fragmented IT infrastructures supported by understaffed IT teams. As a result, education organizations are frequently forced to rebuild from the ground up after a successful attack. The report did note that the average ransom payment is less than five percent of the overall ransomware recovery cost.

Some Education Organizations Think They Are Immune From Attacks

The report questioned why 22 percent of education organizations don’t believe they will face a ransomware attack in the future.

Some organizations (15 percent) believe they just aren’t a target for ransomware, despite the sharp increase across the education sector. However, the majority of organizations that don’t anticipate a ransomware attack believe that is the case because they’ve hardened their networks and infrastructure against attacks. The report gathered the top reasons respondents don’t expect an attack:

  • We work with a specialist cybersecurity company that runs a full Security Operations Center – 34 percent.
  • We have air-gapped backups we can restore from – 36 percent.
  • We have cybersecurity insurance against ransomware – 37 percent.
  • We have anti-ransomware technology – 50 percent.
  • We have trained IT security staff who are able to stop attacks – 60 percent.

Recommendations for the Education Sector

Though some organizations remain confident in their ability to withstand or avoid an attack, Sophos developed six common-sense recommendations for all education establishments:

  • Assume you will be hit;
  • Make backups;
  • Deploy layered protection;
  • Combine human experts and anti-ransomware technology;
  • Don’t pay the ransom; and
  • Have a malware recovery plan.

Kate Polit
Kate Polit is MeriTalk SLG's Assistant Copy & Production Editor, covering Cybersecurity, Education, Homeland Security, Veterans Affairs