Ransomware is hitting one sector particularly hard, and the impact is felt by everyone

The number of ransomware attacks against schools and universities is on the rise – and victims are struggling to recover after their networks have been hit.

According to analysis by cybersecurity researchers at Sophos, education is facing an increased challenge from the threat of ransomware as cyber criminals go after what they perceive to be an easy, but potentially lucrative target. 

“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold,” said Chester Wisniewski, principal research scientist at Sophos. 

In many cases, the victims are paying a ransom for the decryption key. 

The average ransom paid by schools after an attack was $1.97 million. The report points out that this figure may seem surprisingly high but targeting large school districts can be extremely lucrative. 

The average ransom paid by victims of ransomware attacks against higher education establishments comes in at $905,000, which still marks a significant payday for ransomware gangs. 

Victims are paying up because ransomware massively inhibits their ability to operate. When networks are encrypted, schools will struggle to teach classes – particularly if they’re remote – and academic research and resources will be unavailable, all of which has an impact on the broader community in terms of children not able to attend school or access their classwork.

SEE: Ransomware: Why it’s still a big threat, and where the gangs are going next

There’s also the threat of cyber criminals publishing stolen data if the victim doesn’t pay. All of this means that despite warnings that paying ransoms only encourages further ransomware attacks, many victims do pay up. 

Despite this, while those who pay the ransom get some of the data back, it’s far from all of it. According to Sophos, only 61% of data is restored after paying the ransom, meaning that in addition to the cost of a ransom, time and resources have to be put into further repairing the network. 

“You can never trust a criminal and you are only giving away more money than required. The cost of recovery is rarely less when paying a ransom, so best to save the money and stop encouraging the criminals by rewarding them for their bad deeds,” said Wisniewski. 

IT departments in the education sector struggle for staff and budgets, but investing in a good cybersecurity strategy is the best way to help keep the network safe from ransomware – or other cyber threats – and avoid having to pay significant sums of money following a successful cyber attack. 

“The best approach is a combination of prevention and monitoring. Making sure external systems are patched and up to date and deploying multi-factor authentication for remote access is a good start,” said Wisniewski. 

But even if cybersecurity monitoring tools are in place, it’s vital that security staff know how to use them to be effective.  

“It is essential to have these tools monitored on a 24/7 basis to respond to alerts and thwart attackers before they get a foothold. Too often we see that security tools were ringing the alarm bells, but no one was listening until the worst was already done,” Wisniewski concluded. 

MORE ON CYBERSECURITY

• Ransomware is a national security threat, so please tell us about attacks, says government
• Inside a ransomware incident: How a single mistake left a door open for attackers
• Just in time? Bosses are finally waking up to the cybersecurity threat
• It’s time to stop hoping that cybersecurity problems will just go away
• Want to boost your cybersecurity? Here are 10 steps to improve your defences now