The number of ransomware attacks against schools and universities is on the rise – and victims are struggling to recover after their networks have been hit.
According to analysis by cybersecurity researchers at Sophos, education is facing an increased challenge from the threat of ransomware as cyber criminals go after what they perceive to be an easy but potentially lucrative target.
"Schools are among those being hit the hardest by ransomware. They're prime targets for attackers because of their overall lack of strong cybersecurity defenses and the goldmine of personal data they hold," said Chester Wisniewski, principal research scientist at Sophos.
SEE: Ransomware: Why it's still a big threat, and where the gangs are going next
In many cases, the victims are paying a ransom for the decryption key.
The average ransom paid by schools after an attack was $1.97 million. The report points out that this figure might seem surprisingly high but targeting large school districts can be extremely lucrative.
The average ransom paid by victims of ransomware attacks against higher education establishments comes in at $905,000, which still marks a significant payday for ransomware gangs.
Victims are paying up because ransomware massively inhibits their ability to operate. When networks are encrypted, schools will struggle to teach classes – particularly if they're remote – and academic research and resources will be unavailable, all of which leads to an impact on the broader community in terms of children not able to attend school or access their classwork.
There's also the threat of cyber criminals publishing stolen data if the victim doesn't pay. All these factors mean that, despite warnings that paying ransoms only encourages further ransomware attacks, many victims do pay up.
However, while those who pay the ransom get some data back, it's far from all of it. According to Sophos, only 61% of data is restored after paying the ransom, meaning that in addition to the cost of a ransom, time and resources have to be put into further repairing the network.
"You can never trust a criminal and you are only giving away more money than required. The cost of recovery is rarely less when paying a ransom, so best to save the money and stop encouraging the criminals by rewarding them for their bad deeds," said Wisniewski.
SEE: These are the cybersecurity threats of tomorrow that you should be thinking about today
IT departments in the education sector struggle for staff and budgets, but investing in a good cybersecurity strategy is the best way to help keep the network safe from ransomware – or other cyber threats – and avoid having to pay significant sums of money following a successful cyberattack.
"The best approach is a combination of prevention and monitoring. Making sure external systems are patched and up to date and deploying multi-factor authentication for remote access is a good start," said Wisniewski.
But even if cybersecurity-monitoring tools are in place, it's vital that security staff know how to use them to be effective.
"It is essential to have these tools monitored on a 24/7 basis to respond to alerts and thwart attackers before they get a foothold. Too often we see that security tools were ringing the alarm bells, but no one was listening until the worst was already done," Wisniewski concluded.