Dive Brief:
-
The education sector saw 180 ransomware attacks worldwide in the first three quarters of the year — a 6% year-over-year increase from the 170 attacks recorded in 2024, according to Comparitech data released Thursday. The findings include both confirmed and unconfirmed attacks.
-
Most of the 2025 ransomware attacks — 95 out of 180 — were in the U.S. Some 35 of those 95 attacks have been confirmed by the targeted schools so far. The number of confirmed attacks is expected to climb in the coming months, as breaches are often reported some time after an attack.
-
Still, the past two quarters marked the first dip in attacks since the start of 2024, which could indicate "a more positive outlook for the education sector," according to the cybersecurity and online privacy product review website.
Dive Insight:
The ransom demand across all 180 attacks globally averaged $444,400.
"This definitely isn't the time to get complacent," said Rebecca Moody, head of data research at Comparitech, in an email to K-12 Dive on Thursday. "These attacks, and their subsequent breaches, remain a dominant threat. That's why it's imperative schools and colleges of all sizes take key steps to try and mitigate their risks."
Many of the confirmed attacks resulted in systems going offline, leading to network disruptions and classes being cancelled for days or weeks. The incidents led to stolen data more often than not, with an average of 2.6 terabytes worth of data stolen per attack.
In South Carolina’s Cherokee County School District, for example, a confirmed March attack affected systems for around a week and resulted in 624 gigabytes of data allegedly stolen. Last month, the school district reported that data from 46,000 people was impacted.
A 2023 Comparitech report estimated the cost of ransomware attacks on K-12 and higher education institutions globally at over $53 billion in downtime between 2018 and mid-September 2023.
To prevent ransomware attacks, Moody said schools should keep systems up to date, patch vulnerabilities as soon as they're flagged, and conduct regular cybersecurity training for employees.
"A worst-case scenario plan should also be in place because, as gangs continue to exploit vulnerabilities via third parties, even schools with the best cybersecurity standards can be left vulnerable if the third parties they're working with are targeted," said Moody.
Likewise, cybersecurity experts suggest that school districts implement phishing tests, establish a backup network and tap into state and federal support such as cybersecurity advisors to prevent and respond to ransomware attacks.
Phishing, which often seeks to trick staff into revealing login credentials, can target high-profile employees more often than others, such as those working in human resources, business, the superintendency and other administrative roles with access to sensitive data.
Dive Awards
