Education sector particularly hard hit by ransomware

Education sector particularly hard hit by ransomware

Share post

According to a study by Sophos, the education sector saw the highest number of attacks and the highest recovery costs in 2020. In its study “Sophos State of Ransomware in Education 2021”, Sophos investigates the extent and impact of ransomware attacks.

The latest ransomware attacks, which are also affecting education, confirm the research results of the Sophos study and the particular vulnerability of educational institutions to cyber threats. The REvil ransomware attack via Kaseya caused a stir in schools in New Zealand, the FBI and the British National Cyber ​​Security Center are issuing warnings for the education sector, and the BSI is also committed to working safely in everyday digital school life.


The most important research results at a glance

  • Education, along with retail, were the hardest hit by ransomware attacks in 2020 (44 percent of businesses versus 37 percent across all industries).
  • For educational institutions, the financial impact of a ransomware attack in 2020 was particularly crippling. The total bill for fixing a ransomware attack in the education sector, including downtime, staff time, equipment costs, network costs, lost business opportunities, ransom paid, and more, averaged $ 2,73 million - the highest figure across all sectors examined and 48 percent above the global average.
  • More than half (58 percent) of educational institutions affected by ransomware said the attackers had succeeded in encrypting their data.
  • More than a third (35 percent) of the affected facilities gave in to the attackers' demands and paid the ransom. Only in the energy, oil / gas and utility (43 percent) and local government (42 percent) sectors were more blackmailed willing to pay.
  • The average ransom payment was $ 112.435 (lower than the global average of $ 170.404). However, those who paid only got about two-thirds (68 percent) of their data back on average, with nearly a third of the data remaining inaccessible. Only 11 percent received all encrypted data back.
  • Of the institutions that were not affected by ransomware in the last year (55 percent of those surveyed), 61 percent of those surveyed expect that they will be targeted in the future. The main reasons they cited were that cyberattacks are now so sophisticated (said 46 percent) and widespread (said 42 percent) that they can hardly be stopped.

Was your organization the target of a ransomware attack in the past year? 499 answers (Image: Sophos).

"The education sector has long been an attractive target for cyber criminals," says Chester Wisniewski, Principal Research Scientist at Sophos. “IT and cybersecurity budgets are often very tight and IT teams struggle with limited tools and resources to protect the often outdated infrastructure.

Education sector: low security budgets - high vulnerability

In addition, there is the risky behavior of end users, such as downloading pirated copies. All of these factors increase the risk every year anyway. In the 2020 pandemic, educational institutions also had to switch to virtual learning environments at short notice. There was very little time to think about security or conduct basic cybersecurity training for all new users. This has made the sector even more vulnerable. Attackers quickly seized this opportunity, leaving victims building the IT infrastructure from the ground up with enormous financial repercussions. To protect the network from ransomware, we advise IT teams to focus their resources on three critical areas: building stronger defenses against cyber threats, introducing security training for users and, where possible, investing in more resilient infrastructure. "


More at


About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.


Matching articles on the topic

Election 2021: Citizens fear fake news and targeted propaganda

Avast survey: majority of German citizens fear fake news and targeted propaganda messages could influence federal elections. In a poll in the run-up to the federal election ➡ Read more

Bots make up 40 percent of all Internet traffic

New Barracuda Study: A Spike in Bot Traffic. Malicious bots make up 40 percent of all Internet traffic. Cloud security specialist Barracuda analyzed in the first ➡ Read more

Healthcare: only a third feel they are well protected 

Only a third of German healthcare companies have invested in preventive cyber defense. Kaspersky study: three-quarters of healthcare organizations have one during the pandemic ➡ Read more

Study: Great danger from old weak points

Trend Micro Study: Old vulnerabilities pose great risk. Around a quarter of the exploits traded in the cybercriminal underground are over three years old. ➡ Read more