No improvements: Schools were hit steadily with ransomware attacks in 2022

"The fact that there seems not to have been any decrease in the number of incidents is concerning," according to a new report from antivirus software company Emsisoft.

In what was anticipated to be a year filled with cyber threats by increasingly dangerous criminal actors, the number of ransomware attacks aimed at educational institutions in 2022 was nearly the same as in 2021. Is this cause for celebration? Or do we scratch our heads wondering how, despite numerous prevention efforts, that number remained the same?

Around early September, a joint cybersecurity advisory was released by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Agency, and the Multi-State Information Sharing and Analysis Center warning district leaders to anticipate an increase in ransomware threats as the year progresses.

As more and more schools were exposed to cyber threats, attention to the issue increased.

“Meetings were held, committees formed, and a general sense of urgency took shape around the threat,” according to Emsisoft, an antivirus software company that recently released “The State of Ransomware in the US” report. According to their findings, districts did in fact face major ransomware attacks, with the most significant threat of 2022 being the attack on Los Angeles Unified School District, but the education sector did not see a large spike compared to the previous year despite it being the most-targeted industry.

“In 2022, we got to see how all that would play out—and, unfortunately, it was a case of same old, same old,” the report reads.

According to James Turgal, vice president of Optiv’s Cyber Risk, Strategy and Board Relations and former chief information officer for the FBI, these prevention efforts simply aren’t addressing the core issue.

“The increase in public-private partnerships, government regulation and law enforcement cooperation efforts over the last few years have increased awareness, helped to identify threats and promoted intelligence sharing on the tactics, techniques and procedures used by threat actors to attack victims,” he says. “Certainly, the most effective government intervention to date is the law enforcement efforts to prosecute threat actors while disrupting the crypto-currency infrastructure. However, while those things are helpful, they are not addressing the root cause of the problem.

“There is a stark difference in the cybersecurity ecosystem structure between educational institutions and the commercial sector. Historically, educational institutional ecosystems are very fragmented, with each college or program having its own sub-network. For example, the College of Art and Sciences and the History Department have their own separate networks that are different from the College of Business; however, all the individual colleges or departments are connected to a university enterprise network, which is a single point of attack entry and security failure.

“Also, the underlying security philosophy differs in that educational systems are built to share and not secure data, with students and professors accessing resources on their own, more often than not on unpatched devices, with universities maintaining little or no control over those personal devices. The type of data, the lack of consistent security and the arrival and departure of thousands of new students every year, create a tsunami of data security risks.”

Let’s take a detailed look at the impact ransomware attacks had on schools last year. Keep in mind that the raw numbers may not accurately reflect reality. Not all incidents are reported, the organization mentions.


  • In total, 89 organizations in education were exposed to ransomware attacks, a minimal increase from 88 in 2021.
  • The most significant difference between the last two years involves the number of individual schools impacted. In 2021, there were a total of 1,043 schools across all the impacted districts. In 2022, that number nearly doubled to 1,981.
  • There were 45 school districts impacted by ransomware attacks and 44 colleges and universities.
  • In 2021, data was exfiltrated in 50% of incidents. That number rose to 58% in 2022.
  • At least three organizations paid the demanded ransom, the most notable involving the Glenn County Education Office in California, which cost them $400,000.

Generally speaking, the number of individual incidents against education remained stagnant over the past several years:

  • 2019: 89
  • 2020: 84
  • 2021: 88
  • 2022: 89

“The fact that there seems not to have been any decrease in the number of incidents is concerning,” according to the report. “Counter-ransomware initiatives have included executive orders, international summits, increased efforts to disrupt the ransomware ecosystem, and the creation by Congress of an interagency body, the Joint Ransomware Task Force, to unify and strengthen efforts. Yet, despite these initiatives, ransomware appears to be no less of a problem.”

So what needs to be done? Well, if your district or university wants to mitigate the risk, according to Turgal, it’s all about having a partner you can trust.

“There is a vast disconnect between the government regulatory discussion groups talking about the problem and the actual putting-hands-on-keyboards needs of educational institutions in identifying cyber vulnerabilities in their ecosystems and closing those vulnerabilities,” he explains. “The only way to identify and close those gaps is to have a trusted partner, who understands the threat, has an appreciation of the materials and intelligence being generated by the government groups, and then uses that data to roll up their sleeves and dive in to assess the educational ecosystem. Clearly, a trusted partner’s ability to understand the business needs of the victim and work with the victim to develop roadmaps to mitigate the risk and close the gaps that threat actors continuously attack, is the most effective method to address the problem.

“Think tanks, legislators and regulators have their place in the cyber-attack conversation, but those conversations will not physically update, upgrade or reconfigure an information technology system to identify and close the gaps.”


Micah Ward
Micah Ward is a University Business staff writer. He recently earned his master’s degree in Journalism at the University of Alabama. He spent his time during graduate school working on his master’s thesis. He’s also a self-taught guitarist who loves playing folk-style music.
