"Schools Face Million-Dollar Bills as Ransomware Rises"

According to security researchers at Sophos, schools, colleges, and universities face growing costs from ransomware attacks.  In a new study the researchers found that 44% of schools across 14 nations surveyed faced a ransom demand of $5m or more.  In higher education, 32% faced demands of between $1m and $5m, and 35% over $5m.  The researchers found that schools paid the highest median ransoms at $6.6m.  The researchers noted that the number of ransomware attacks against the education sector actually fell in 2024 compared with 2023.  In 2023, 80% of “lower education” establishments reported ransomware attacks, falling to 63% in 2024.  For higher education, attacks dropped from 79% to 66%.  In both cases, though, 2024 saw more attacks than 2022.  The researchers noted that education institutions faced long recovery times, partly because ransomware groups increasingly target backups and primary data.  Of the organizations reporting ransomware attacks, 95% said cybercriminals attempted to compromise backups, and 71% succeeded in doing so.  Schools that suffered backup compromise were three times as likely to pay ransoms.  Both schools and universities that suffered backup compromise faced higher recovery costs.  The most common root causes for ransomware in the sector included vulnerability exploits, malicious emails, and compromised credentials.

Infosecurity Magazine reports: "Schools Face Million-Dollar Bills as Ransomware Rises"