The education sector is experiencing a significant increase in ransomware attacks and in some cases recovery takes months
Sophos paints a bleak security picture for the education sector in its annual report ‘State of Ransomware in Education’.
The annual ‘State of Ransomware in Education’ report collects data from around the world and summarizes the impact of ransomware attacks on the education sector worldwide.
The Sophos report shows that educational institutions – both higher and primary education – are increasingly being hit by ransomware, with 60 percent experiencing attacks in 2021, compared to 44 percent in 2020.
As part of the State of Ransomware 2022 report, Sophos asked 730 education respondents – 320 in primary education and 410 in higher education – about their experiences with ransomware.
And it makes for grim reading for security personnel.
The findings show that educational institutions experienced the highest rate of data encryption (73 percent) compared to other industries (65 percent) and the longest recovery time, with 7 percent taking at least three months to recover – almost double the average for other sectors (4 percent).
Higher education institutions in particular report the longest recovery time from ransomware; while 40 percent say it will take at least a month to recover (20 percent for other sectors), 9 percent say it will take three to six months.
Indeed, educational institutions report the greatest propensity to experience operational and commercial fallout from ransomware attacks compared to other industries; 97 percent of higher education respondents and 94 percent of primary education respondents say that attacks have affected their ability to operate, while 96 percent of higher education respondents and 92 percent of primary education respondents continue to report loss of turnover and revenue in the private sector.
Only 2 percent of educational institutions recovered all their encrypted data after paying a ransom (down from 4 percent in 2020); schools were able to recover an average of 62 percent of encrypted data after paying a ransom (down from 68 percent in 2020).
“Schools are hardest hit by ransomware,” said Chester Wisniewski, principal investigator at Sophos. “They are the primary target for attackers because of their overall lack of strong cybersecurity and the goldmine of personal data they possess.”
“Educational institutions are less likely than others to detect ongoing attacks, which naturally leads to higher attack success and higher encryption rates,” added Wisniewski. “Since the encrypted data is most likely confidential student records, the impact is much greater than what most industries would experience.”
“Even if some of the data is recovered, there is no guarantee what data the attackers will return, and even then the damage has already been done, further burdening affected schools with high recovery costs and sometimes bankruptcy,” Wisniewski said.
A prime example of this was in May this year when Lincoln College, a private school in the US state of Illinois, announced it would be closing permanently after 157 years after it failed to recover from a ransomware attack in December.
“Unfortunately, these attacks won’t stop, so the only way forward is to prioritize building anti-ransomware defenses to identify and mitigate attacks before encryption is possible,” Wisniewski said.
Interestingly, educational institutions report the highest percentage of cyber insurance payouts on ransomware claims (100 percent higher education, 99 percent primary education).
However, the industry as a whole has one of the lowest rates for cyber insurance against ransomware (78 percent compared to 83 percent for other industries).
“Four out of 10 schools say fewer insurers are offering them coverage, while nearly half (49 percent) report that the level of cybersecurity they need to qualify for coverage has increased,” Wisniewski says.
“Cyber insurers are becoming more selective when it comes to accepting customers, and educational organizations need help meeting these higher standards,” Wisniewski says. “With limited budgets, schools must work closely with trusted security professionals to ensure resources are allocated to the right solutions that deliver the best security outcomes and also help meet insurance standards.”
In light of the research findings, Sophos recommends the following best practices for all organizations in all industries:
- Install and maintain high-quality defenses at all points in the environment. Regularly review security controls and ensure they continue to meet the needs of the organization.
- Proactively hunt for threats to identify and stop adversaries before they can launch attacks – if the team does not have the time or skills to do so internally, outsource to a Managed Detection and Response (MDR) team.
- Harden the IT environment by finding and closing key security gaps: unpatched devices, unprotected machines, and open RDP ports, for example. Extended Detection and Response (XDR) solutions are ideal for this purpose.
- Prepare for the worst and keep an updated plan in place for a worst-case scenario.
- Make backups and practice restoring from them to minimize disruption and recovery time.
The Sophos report certainly shows the high number of ransomware attacks targeting the education sector worldwide, and institutions on this side of the pond are also at high risk – and have been for years.
In October 2021, the University of Sunderland admitted that a cyberattack caused “extensive IT problems”, leading to the cancellation of all online classes.
In March 2021, email access for 37,000 students was cut off by a ransomware attack that hit a London-based group of schools (Harris Federation).
The UK education sector was also hit by a wave of ransomware attacks in August and September 2020.
A ransomware incident that hit University College London caused significant disruption in 2017, encrypting university shared and network files.
In 2016, SentinelOne revealed that UK universities were being actively attacked by ransomware hackers.