Education Sector Tops Ransomware Attack Charts, Sophos Survey Finds

Sophos, a global leader in cybersecurity as a service, has released a new survey report titled “The State of Ransomware in Education 2023.” The report reveals that education experienced the highest rate of ransomware attacks in 2022. Among the surveyed organizations, 79% of higher educational institutions and 80% of lower educational institutions reported being targeted by ransomware. These figures mark an increase from 64% and 56%, respectively, in 2021.

Moreover, the education sector witnessed a significant number of ransom payments, with 56% of higher educational organizations and 47% of lower educational organizations choosing to pay the ransom. However, paying the ransom resulted in higher recovery costs for both groups. Higher educational organizations that paid the ransom faced recovery costs of $1.31 million compared to $980,000 for those who relied on backups. For lower educational organizations, the average recovery costs were $2.18 million when paying the ransom versus $1.37 million without paying.

Paying the ransom also prolonged the recovery process for victims. For higher educational organizations, 79% of those using backups recovered within a month, while only 63% of those who paid the ransom achieved the same timeframe. Similarly, for lower educational organizations, 63% of those using backups recovered within a month, compared to only 59% of those who paid the ransom.

Chester Wisniewski, field CTO at Sophos, pointed out that schools are attractive targets for cybercriminals due to their visibility and immediate impact in communities. However, paying ransoms does not lead to quicker resolution of attacks, and it might even make them more likely to be targeted.

The survey highlighted that the root causes of ransomware attacks in education were similar to those across all sectors, but a significant number of attacks involved compromised credentials in both higher and lower educational organizations [37% and 36%, respectively, compared to 29% for the cross-sector average].

Other key findings from the report include:

Exploits and compromised credentials accounted for 77% of ransomware attacks against higher educational organizations and 65% against lower educational organizations.

The rate of encryption remained steady for higher educational organizations [73% in 2022] but increased for lower educational organizations [81% in 2022].

Higher educational organizations reported a lower rate of using backups [63%] compared to the cross-sector average [70%], while lower educational organizations had a slightly higher rate [73%].

Sophos recommends several best practices to defend against ransomware and cyberattacks in the education sector, including strengthening defensive tools, adopting multifactor authentication [MFA] technology, and maintaining good security hygiene through timely patching and security tool configuration reviews.

The survey, conducted across 14 countries in the Americas, EMEA, and Asia Pacific, polled 3,000 IT/cybersecurity leaders in organizations with 100 to 5,000 employees, including 400 from the education sector 200 from lower education [up to 18 years] and 200 from higher education [above 18 years], covering both public and private sector education providers.

To access the complete “State of Ransomware in Education 2023” report by Sophos, visit

Related Posts