Since the explosion of edtech tools during the pandemic, two prominent themes have emerged. One: student learning opportunities are more tailored and accessible than ever. Two: cybercriminals have even greater access to school security networks via student devices and online learning tools.
The latter development is costing schools millions in recovery costs.
In the past year, 63% of K12 schools were affected by a ransomware attack, a new report from cybersecurity company Sophos suggests. It’s a considerable decrease from the 80% reported in 2023’s annual report.
Despite this improvement, schools report spending more on recovery efforts. The mean cost in 2024 for K12 organizations to recover from a ransomware attack was $3.76 million, more than double the $1.59 million reported in 2023. The price tag is even heftier for higher education institutions, averaging $4.01 million, nearly four times higher than 2023 reports.
More than 60% of the K12 schools attacked paid the ransom to get their encrypted data back. Seventy-five percent were able to restore their encrypted data using backups.
“A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data,” Sophos’ Senior Marketing Manager Puja Mahendru wrote in a news blog.
For instance, 65% of K12 schools that had their data encrypted reported using more than one method to recover their data, nearly three times higher than last year’s reports.
Ransomware causes
The most valuable data for K12 IT professionals are the root causes of ransomware in education. Among those who reported experiencing an attack in 2024, 44% blamed an “exploited vulnerability,” followed by:
- A malicious email (26%)
- Compromised credentials (20%)
- Phishing (8%)
- Brute force attack (1%)
- Download (1%)