Tag: Ransomware

  • 180 ransomware attacks plague education sector worldwide in 2025 through Q3

    180 ransomware attacks plague education sector worldwide in 2025 through Q3

    This audio is auto-generated. Please let us know if you have feedback.

    Dive Brief:

    • The education sector saw 180 ransomware attacks worldwide in the first three quarters of the year — a 6% year-over-year increase from the 170 attacks recorded in 2024, according to Comparitech data released Thursday. The findings include both confirmed and unconfirmed attacks. 

    • Most of the 2025 ransomware attacks — 95 out of 180 — were in the U.S. Some 35 of those 95 attacks have been confirmed by the targeted schools so far. The number of confirmed attacks is expected to climb in the coming months, as breaches are often reported some time after an attack. 

    • Still, the past two quarters marked the first dip in attacks since the start of 2024, which could indicate “a more positive outlook for the education sector,” according to the cybersecurity and online privacy product review website.

    Dive Insight:

    The ransom demand across all 180 attacks globally averaged $444,400. 

    “This definitely isn’t the time to get complacent,” said Rebecca Moody, head of data research at Comparitech, in an email to K-12 Dive on Thursday. “These attacks, and their subsequent breaches, remain a dominant threat. That’s why it’s imperative schools and colleges of all sizes take key steps to try and mitigate their risks.”

    Many of the confirmed attacks resulted in systems going offline, leading to network disruptions and classes being cancelled for days or weeks. The incidents led to stolen data more often than not, with an average of 2.6 terabytes worth of data stolen per attack. 

    In South Carolina’s Cherokee County School District, for example, a confirmed March attack affected systems for around a week and resulted in 624 gigabytes of data allegedly stolen. Last month, the school district reported that data from 46,000 people was impacted. 

    A 2023 Comparitech report estimated the cost of ransomware attacks on K-12 and higher education institutions globally at over $53 billion in downtime between 2018 and mid-September 2023. 

    To prevent ransomware attacks, Moody said schools should keep systems up to date, patch vulnerabilities as soon as they’re flagged, and conduct regular cybersecurity training for employees. 

    “A worst-case scenario plan should also be in place because, as gangs continue to exploit vulnerabilities via third parties, even schools with the best cybersecurity standards can be left vulnerable if the third parties they’re working with are targeted,” said Moody.

    Likewise, cybersecurity experts suggest that school districts implement phishing tests, establish a backup network and tap into state and federal support such as cybersecurity advisors to prevent and respond to ransomware attacks

    Phishing, which often seeks to trick staff into revealing login credentials, can target high-profile employees more often than others, such as those working in human resources, business, the superintendency and other administrative roles with access to sensitive data.

    Source link

  • K-12 districts are fighting ransomware, but IT teams pay the price

    K-12 districts are fighting ransomware, but IT teams pay the price

    Key points:

    The education sector is making measurable progress in defending against ransomware, with fewer ransom payments, dramatically reduced costs, and faster recovery rates, according to the fifth annual Sophos State of Ransomware in Education report from Sophos.

    Still, these gains are accompanied by mounting pressures on IT teams, who report widespread stress, burnout, and career disruptions following attacks–nearly 40 percent of the 441 IT and cybersecurity leaders surveyed reported dealing with anxiety.

    Over the past five years, ransomware has emerged as one of the most pressing threats to education–with attacks becoming a daily occurrence. Primary and secondary institutions are seen by cybercriminals as “soft targets”–often underfunded, understaffed, and holding highly sensitive data. The consequences are severe: disrupted learning, strained budgets, and growing fears over student and staff privacy. Without stronger defenses, schools risk not only losing vital resources but also the trust of the communities they serve.

    Indicators of success against ransomware

    The new study demonstrates that the education sector is getting better at reacting and responding to ransomware, forcing cybercriminals to evolve their approach. Trending data from the study reveals an increase in attacks where adversaries attempt to extort money without encrypting data. Unfortunately, paying the ransom remains part of the solution for about half of all victims. However, the payment values are dropping significantly, and for those who have experienced data encryption in ransomware attacks, 97 percent were able to recover data in some way. The study found several key indicators of success against ransomware in education:

    • Stopping more attacks: When it comes to blocking attacks before files can be encrypted, both K-12 and higher education institutions reported their highest success rate in four years (67 percent and 38 percent of attacks, respectively).
    • Following the money: In the last year, ransom demands fell 73 percent (an average drop of $2.83M), while average payments dropped from $6M to $800K in lower education and from $4M to $463K in higher education.
    • Plummeting cost of recovery: Outside of ransom payments, average recovery costs dropped 77 percent in higher education and 39 percent in K-12 education. Despite this success, K-12 education reported the highest recovery bill across all industries surveyed.

    Gaps still need to be addressed

    While the education sector has made progress in limiting the impact of ransomware, serious gaps remain. In the Sophos study, 64 percent of victims reported missing or ineffective protection solutions; 66 percent cited a lack of people (either expertise or capacity) to stop attacks; and 67 percent admitted to having security gaps. These risks highlight the critical need for schools to focus on prevention, as cybercriminals develop new techniques, including AI-powered attacks.

    Highlights from the study that shed light on the gaps that still need to be addressed include:

    • AI-powered threats: K-12 education institutions reported that 22 percent of ransomware attacks had origins in phishing. With AI enabling more convincing emails, voice scams, and even deepfakes, schools risk becoming test grounds for emerging tactics.
    • High-value data: Higher education institutions, custodians of AI research and large language model datasets, remain a prime target, with exploited vulnerabilities (35 percent) and security gaps the provider was not aware of (45 percent) as leading weaknesses that were exploited by adversaries.
    • Human toll: Every institution with encrypted data reported impacts on IT staff. Over one in four staff members took leave after an attack, nearly 40 percent reported heightened stress, and more than one-third felt guilt they could not prevent the breach.

    “Ransomware attacks in education don’t just disrupt classrooms, they disrupt communities of students, families, and educators,” said Alexandra Rose, director of CTU Threat Research at Sophos. “While it’s encouraging to see schools strengthening their ability to respond, the real priority must be preventing these attacks in the first place. That requires strong planning and close collaboration with trusted partners, especially as adversaries adopt new tactics, including AI-driven threats.”

    Holding on to the gains

    Based on its work protecting thousands of educational institutions, Sophos experts recommend several steps to maintain momentum and prepare for evolving threats:

    • Focus on prevention: The dramatic success of lower education in stopping ransomware attacks before encryption offers a blueprint for broader public sector organizations. Organizations need to couple their detection and response efforts with preventing attacks before they compromise the organization.
    • Secure funding: Explore new avenues such as the U.S. Federal Communications Commission’s E-Rate subsidies to strengthen networks and firewalls, and the UK’s National Cyber Security Centre initiatives, including its free cyber defense service for schools, to boost overall protection. These resources help schools both prevent and withstand attacks.
    • Unify strategies: Educational institutions should adopt coordinated approaches across sprawling IT estates to close visibility gaps and reduce risks before adversaries can exploit them.
    • Relieve staff burden: Ransomware takes a heavy toll on IT teams. Schools can reduce pressure and extend their capabilities by partnering with trusted providers for managed detection and response (MDR) and other around-the-clock expertise.
    • Strengthen response: Even with stronger prevention, schools must be prepared to respond when incidents occur. They can recover more quickly by building robust incident response plans, running simulations to prepare for real-world scenarios, and enhancing readiness with 24/7/365 services like MDR.

    Data for the State of Ransomware in Education 2025 report comes from a vendor-agnostic survey of 441 IT and cybersecurity leaders – 243 from K-12 education and 198 from higher education institutions hit by ransomware in the past year. The organizations surveyed ranged from 100-5,000 employees and across 17 countries. The survey was conducted between January and March 2025, and respondents were asked about their experience of ransomware over the previous 12 months.

    This press release originally appeared online.

    Latest posts by eSchool Media Contributors (see all)

    Source link

  • Ransomware attacks in education jump 23% year over year

    Ransomware attacks in education jump 23% year over year

    This audio is auto-generated. Please let us know if you have feedback.

    Dive Brief:

    • Ransomware attacks against schools, colleges and universities rose 23% year over year in the first half of 2025, according to a report from Comparitech, a cybersecurity and online privacy product review website.
    • The six months saw 130 confirmed and unconfirmed ransomware attacks against educational institutions, with an average ransom demand of $556,000.
    • Education was the fourth-most-targeted sector during the first half of 2025, behind business, government and healthcare, according to Comparitech.

    Dive Insight:

    Schools have become a popular target for hackers thanks to a combination of increased digitization, the robust amount of student and staff data, and a lack of cybersecurity resources. Some 82% of K-12 schools in the U.S. experienced a cyber incident between July 2023 and December 2024, according to a March report from the nonprofit Center for Internet Security.

    In one of the most prominent recent known examples,a 19-year-old agreed to plead guilty in May to allegedly hacking and extorting student information system provider PowerSchool for $2.85 million. The incident resulted in the leaking of sensitive data of 10 million teachers and more than 60 million students. School districts also received extortion threats in relation to the cyberattack, and more than 100 school systems sued PowerSchool over the breach.

    One challenge of tracking cyberattacks is that incidents aren’t always disclosed by the organization targeted or the ransomware group that attacks. As a result, the Comparitech report said, figures are likely to change as more information is released and incidents are confirmed.

    Comparitech labels a ransomware attack as “confirmed” when the impacted organization publicly reports a ransomware incident or acknowledges a cyberattack that aligns with a ransomware group’s claim.

    As school districts try to navigate these threats and attacks, some of the leading preventative measures include investing in cybersecurity insurance and incorporating multifactor authentication for accessing files.

    Once a breach is discovered, experts recommend determining what external help is needed, whether from cyber incident support teams or private vendors, and alerting law enforcement — including the FBI and entities such as the Department of Homeland Security’s U.S. Computer Emergency Readiness Team. The FBI advises against paying ransoms, as doing so can encourage further cyberattacks and doesn’t guarantee that stolen data will be returned or that access to critical systems will be restored.

    Source link