When school shifted online, it was almost expected that cybercriminals would follow. And the latest “Sophos State of Ransomware in Education 2021” report confirmed that the education sector was among the industries that experienced the highest level of ransomware attacks in 2020.
The Sophos report found that 44% of organizations in the education sector (along with retail) were hit by ransomware, compared to 37% across all industry sectors.
The “Sophos State of Ransomware in Education 2021” survey polled 5,400 IT decision-makers, including 499 education IT managers, in 30 countries across Europe, the Americas, Asia-Pacific, Central Asia, the Middle East, and Africa.
“The education sector has long been an attractive target for cyber-attackers,” said Chester Wisniewski, principal research scientist at Sophos. “The budgets for IT and cybersecurity can be very tight, with stretched IT teams battling to protect what is often outdated infrastructure using limited tools and resources, coupled with risky end-user behaviors, such as downloading pirated software.”
Educational institutions that fell victim to ransomware had to spend $2.73 million to rectify an attack, the highest across all sectors surveyed and 48% above the global average. The cost includes downtime, people time, device cost, network cost, lost opportunity, and ransom paid, with the average ransom payment amounting to $112,435 (lower than the global average of $170,404).
Of those institutions that were not hit with ransomware last year (55% of respondents), the majority (61%) expect to be targeted in the future. The main reasons for this are that cyberattacks are now so sophisticated (46%) and prevalent (42%) that they are almost impossible to stop.