Ransomware Attackers Double Down on Attacking Vulnerable Schools

Ransomware attacks have been rising recently, and schools are not immune to them. In fact, schools are actually quite vulnerable to these types of attacks, as they often have limited IT budgets and staff.

Ransomware is malware that encrypts a user's files and demands a ransom be paid to decrypt them. These attacks can be highly costly for schools that often lose essential data and files.

Sophos, a cybersecurity company, revealed in a survey report that 3 out of 5 higher and lower education institutions faced a ransomware attack. This is occurring even though education institutions have the highest data encryption rate of 73% compared to other sectors (65%) and almost twice more time to recover compared to the average company. In another study, APAC ranks third highest region targeted by ransomware globally according to cybersecurity firm Group-IB.

“Schools are among those being hit the hardest by ransomware. They’re prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold. Education institutions are less likely to detect in-progress attacks, leading to higher attack success and encryption rates. Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience," said Chester Wisniewski, the principal research scientist at Sophos. 

He added that even if a portion of the data is restored, the damage is done, and there is no guarantee of what data the attackers will return. This further burdens the victimized schools with high recovery costs and, worst, bankruptcy. Unfortunately, these attacks will not stop, and it is a priority to build up anti-ransomware defenses to identify and mitigate attacks before possible encryption. 

The education sector has the highest rate of cyber insurance payout on ransom claims, with 100% in higher education and 99% in lower education. Still, cyber insurers have become more selective in accepting customers, making it difficult for education organizations to attain high standards insurance requirements. 

Best practices in responding to ransomware attacks 

With ransomware attacks on the rise, schools must be prepared. Here are some best practices for responding to a ransomware attack:

1. Install and maintain high-quality defenses at all points in the environment. Regularly review security controls meeting the organization's security standards. 

2. Proactively look for threats before cybersecurity attacks arise. Outsource a Managed Detection and Response team if the institution lacks time or skills in this area. 

3. Extended Detection and Response (XDR) solutions are ideal for hardening the IT environment by searching for and closing critical security gaps such as unpatched devices, unprotected machines, and open RDP ports.

4. Always have an alternative plan in a worst-case scenario. 

5. Make backups and practice restoring files to minimize disruption and recovery time.

Image credit: iStockphoto/AndreyPopov