Sophos reports rise in ransomware attacks vs education institutions

Ransomware attacks on education institutions increased from 44% in 2020 to 60% in 2021, according to the latest report “The State of Ransomware in Education 2022” by Sophos.

The cybersecurity firm’s report found that education institutions had the highest data encryption rate (73%) compared to other sectors (65%), and the longest recovery time, with 7% taking at least three months to recover, almost double the average for other sectors (4%).

“Education institutions are less likely than others to detect in-progress attacks, which naturally leads to higher attack success and encryption rates,” Chester Wisniewski, principal research scientist at Sophos, said in a media release. “Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience.”


The report found that educational institutions are one of the most vulnerable sectors when it comes to operational impacts. The Sophos survey found that 97% of higher education and 94% of lower education respondents say attacks impacted their ability to operate, while 96% of higher education and 92% of lower education respondents in the private sector further report business and revenue loss.

Higher education institutions, in particular, report the longest ransomware recovery time: 40% say it takes at least one month to recover (20% for other sectors), and 9% report it takes three to six months.

Encrypted data

Only 2% of education institutions recovered all of their encrypted data after paying a ransom (down from 4% in 2020); schools, on average, were able to recover 62% of encrypted data after paying ransoms (down from 68% in 2020).

According to Sophos, schools can go bankrupt because of ransomware: even if they pay the ransom, there is no guarantee that all of their encrypted data will be recovered.

“Unfortunately, these attacks are not going to stop, so the only way to get ahead is to prioritize building up anti-ransomware defenses to identify and mitigate attacks before encryption is possible,” Wisniewski said.

In light of the survey findings, Sophos experts recommend the following best practices for all organizations across all sectors:

  • Install and maintain high-quality defenses across all points in the environment. Review security controls regularly and make sure they continue to meet the organization’s needs
  • Proactively hunt for threats to identify and stop adversaries before they can execute attacks – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) team
  • Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose
  • Prepare for the worst, and have an updated plan in place for a worst-case incident scenario
  • Make backups, and practice restoring from them to minimize disruption and recovery time