The number of ransomware attacks on both K-12 and higher education institutions increased in 2021, according to a new report from Sophos, a global cybersecurity leader.


In 2021, 56 percent of respondents from K-12 education were hit by a ransomware attack, and 64 percent in higher education were hit – up from 44 percent of education respondents who were hit in 2020.


According to the report, the education attack rates are lower than the cross-sector average of 66 percent. However, education is the sector least able to stop data from being encrypted in an attack – higher education reported the highest data encryption rate of all sectors at 74 percent, with K-12 a little behind at 72 percent.


“These findings suggest that the education sector is poorly prepared to defend against a ransomware attack, and likely lacks the layered defenses needed to prevent encryption if an adversary does succeed in penetrating the organization,” the report says.


Most of the time, these educational institutions were able to restore some of their encrypted data. 


The proportion of encrypted data restored by education after paying the ransom is in line with the global average of 61 percent – lower education is at 62 percent and higher education at 61 percent. However, only 2 percent of education organizations that paid the ransom got all their data back after paying the ransom.


For educational institutions looking to bolster their ransomware defenses, the report offered five top tips:


  • “Ensure high-quality defenses at all points in your environment. Review your security controls and make sure they continue to meet your needs;
  • Proactively hunt for threats so you can stop adversaries before they can execute their attack – if you don’t have the time or skills in-house, work with a specialist MDR (managed detection and response) cybersecurity service;
  • Harden your environment by searching for and closing down security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) is ideal for this purpose;
  • Prepare for the worst. Know what to do if a cyber incident occurs and who you need to contact; and
  • Make backups, and practice restoring from them. Your goal is to get back up and running quickly, with minimal disruption.”
Read More About
Grace Dille
Grace Dille
Grace Dille is MeriTalk SLG's Staff Reporter covering the intersection of government and technology.