Nearly 80% of schools were hit with a ransomware attack in the last year

Cybercriminals have been refining their tactics for conducting ransomware attacks for several years, a new report suggests. Unfortunately, for higher ed leaders, they've only become more complex.

Since the height of the pandemic, when K12 schools began utilizing remote technology more than ever, cybercrime targeting educational institutions has been on the rise. In fact, rates have nearly doubled since 2021, a new analysis suggests.

As part of their global “State of Ransomware in 2023” report, Sophos surveyed 3,000 IT cybersecurity leaders between January and March of 2023 to better understand the sheer scope of the issue as the new school year begins. And to put it bluntly, the situation has only gotten worse across the board.

According to the data, 80% of lower-education institutions reported being hit by a ransomware attack in the last year, compared to 44% in 2021. Similarly, 79% of higher education institutions reported facing attacks in the last year.

“The considerable increase in the attack rate makes clear that adversaries are now able to execute attacks at scale consistently, and ransomware is arguably the biggest cyber risk facing education providers today,” the report reads.

But what exactly is causing this surge in attacks? The researchers asked IT leaders what they identified as the root cause of their exposure to ransomware. Here’s what they said:


Lower education

  • Compromised credentials (36%)
  • Exploited vulnerability (29%)
  • Malicious email (19%)
  • Phishing (11%)
  • Brute force attack (4%)
  • Download (1%)

Higher education

  • Exploited vulnerability (40%)
  • Compromised credentials (37%)
  • Malicious email (12%)
  • Phishing (7%)
  • Brute force attack (2%)
  • Download (1%)

“Cybercriminals have been developing and refining the ransomware-as-a-service model for several years,” the report reads. “This operating model lowers the barrier to entry for would-be ransomware actors while also increasing attack sophistication by enabling adversaries to specialize in different stages of attacks.”


The data comes at a time when ransomware in education has even caught the attention of federal agencies that recently promised government intervention to support educational institutions in their fight against cybercriminals. Leaders announced several resources that will soon be available for K12 public schools, including advancements to tailored security assessments for K12 by the Cybersecurity and Infrastructure Security Agency (CISA), as well as grants and support from technology providers like Amazon Web Services, Google and Cloudflare.

“If we want to safeguard our children’s futures we must protect their personal data,” said first lady Jill Biden, who is also a teacher. “Every student deserves the opportunity to see a school counselor when they’re struggling and not worry that these conversations will be shared with the world.”

Micah Ward
Micah Ward is a University Business staff writer. He recently earned his master’s degree in Journalism at the University of Alabama. He spent his time during graduate school working on his master’s thesis. He’s also a self-taught guitarist who loves playing folk-style music.
