Ransomware Targets Educational Sector

Just like the public and private sectors, academic institutions have also been targeted by cybercriminals due to the inevitable digital transformation triggered by the COVID-19 pandemic. Recent data from Sophos reveals that 80% of primary and secondary education institutions and 79% of high school institutions reported ransomware attacks in 1H23, highlighting the lack of cybersecurity consciousness within the sector. 

"Academic institutions can be an easy target for cybercriminals, as most of them lack the fundamental elements of a secure network. Additionally, they often serve a wide range of users on their network, including students, teachers, administrators, alumni and external providers," explained Manuel Moreno Liy, Director of Security Sales Enablement, IQSEC. The confidential information stored within these networks is a prime target for cybercriminals seeking financial gain through data compromise.

According to Sophos' study, 30% of ransomware attacks in the education sector originated from phishing emails. The study shows a 20% increase in ransomware attacks targeting educational institutions between 2022 and 2023, 36% of these being motivated by credential theft, while 29% exploited software vulnerabilities.

Sophos’ findings indicate that 27% of primary and secondary schools experiencing data encryption also had data stolen from their networks. This figure climbs to 35% for higher education institutions. This may lead to unauthorized access to student records, potentially allowing attackers to alter grades or steal academic credentials.

Amid the growing ransomware threat, higher education institutions have exhibited resilience in improving their ability to recover from such attacks. Recovery costs in primary and secondary education have remained stable, while high school education has seen a significant decrease in recovery costs, dropping from US$1.42 million in 2022 to US$1 million in 2023. 

According to IQSEC, “the average data ransom amount is estimated at US$1.82 million, but the more significant concern is the leakage and exposure of sensitive information, which places all students in a vulnerable position," said Moreno. Currently, the Mexican states most impacted by ransomware attacks, across both public and private sectors, include Sinaloa, Chiapas, Nuevo Leon, Jalisco and Mexico City.

To mitigate the risk of falling victim to a ransomware attack, Sophos offers several recommendations for educational institutions. These include implementing endpoint protection to prevent vulnerability exploits, adopting a Zero Trust Network Access security strategy to combat the misuse of compromised credentials and consistently applying threat detection protocols, whether internally or through a specialized Managed Detection and Response (MDR) provider. These proactive measures are crucial in safeguarding educational institutions and the sensitive information they hold against the ever-evolving cyberthreat landscape.