Skip to main content
close search
site logo
Dive Brief

Nearly half of K-12 providers hit by ransomware paid to have data restored

A survey of lower education providers in 14 countries found recovery costs averaged about $2.18 million for those paying ransoms.

Published Aug. 7, 2023
Roger Riddell's headshot
Senior Editor
A pair of binoculars covered with code, indicating a cybersecurity breach
Nearly three-quarters of polled lower education providers in 14 countries were able to use backups to restore data following a ransomware attack. Marco_Piunti via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Just under half (47%) of public and private lower education, or K-12, institutions worldwide hit by a ransomware attack ultimately paid to recover their stolen data, according to a report from U.K.-based cybersecurity firm Sophos.

  • Nearly three-quarters (73%) of polled lower education providers were able to use backups to restore data following such an attack. The survey, conducted between January and March, included 200 lower education respondents in 14 countries.

  • Nearly a quarter (23%) used multiple recovery methods to restore data, though recovery costs averaged about $2.18 million for those paying ransoms compared to $1.37 million for those restoring with backups.

Dive Insight:

Education has become a prime target for cyberattacks due to a lucrative combination of the amount of sensitive personal data available and an IT funding environment that hasn’t kept pace with cybersecurity staffing and resource needs amid growing digitization. Ransomware is a particularly popular mode of attack in which a perpetrator infiltrates the target’s network with malware that encrypts and locks sensitive data and systems until a ransom is paid.

According to the Sophos report, the rate of ransomware attacks on lower education providers rocketed to 80% in 2023, up from 56% last year. The education sector reported the highest rates of ransomware attacks of any industry polled by the firm.

While the actual number of schools impacted by cyberattacks is often believed to be higher than what’s publicly disclosed, a January report from endpoint protection firm Emsisoft found the number of U.S. schools hit specifically by ransomware climbed to 1,981 in 2022, nearly double the level potentially compromised in 2021.

A global cyberattack on clients of file transfer platform MOVEit tallied multiple education victims, including New York City Public Schools, the Minnesota Department of Education and teacher retirement fund TIAA

High-profile K-12 ransomware targets in other data breaches have included the Los Angeles Unified School District, Iowa’s Des Moines Public Schools, and Arkansas’ Little Rock School District, the last of which ultimately paid a $250,000 ransom.

The FBI, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center discourage victims from paying ransoms, as there’s no guarantee the files will actually be recovered.

Filed Under: Technology

Editors' picks

  • An adult stands behind a podium near the Washington Monument in Washington, D.C. To the adult's right, there is a large photo of a child. People are standing behind the adult.
    Image attribution tooltip
    Win McNamee via Getty Images
    Image attribution tooltip
    Deep Dive

    Another record high: Counting school shootings in 2023

    Varying — and in some cases lacking — definitions and data make the issue hard to track, as experts continue to pursue solutions for both prevention and recovery.

    By Naaz Modan and Kara Arundel • Dec. 20, 2023
  • A red award ribbon is shown against a purple background with a pencil on either side.
    Image attribution tooltip

    Photo illustration: Shaun Lucas/Industry Dive; Getty Images

    Image attribution tooltip
    Dive Awards

    The K-12 Dive Awards for 2022

    These leaders are shaping the nation’s schools with commitments to high expectations, strong relationships and robust career exploration models.

    By Roger Riddell • Nov. 21, 2022

Company Announcements

View all | Post a press release
Ulster BOCES Opens Application for Conference “Deep Dive” Session Facilitators
From Ulster BOCES
October 29, 2024
Krista Gauthier Named Executive Director of the IMSE Foundation, Promises to Champion Literac…
From Institute for Multi-Sensory Education
October 24, 2024
Dallas Independent School District Approves CoderZ and RoboX For Pre-engineering and Robotics …
From Intelitek
November 05, 2024
VHS Learning Among 136 Organizations Committed to Advancing Computer Science Education through…
From VHS Learning
November 04, 2024
Editors' picks
  • An adult stands behind a podium near the Washington Monument in Washington, D.C. To the adult's right, there is a large photo of a child. People are standing behind the adult.
    Image attribution tooltip
    Win McNamee via Getty Images
    Image attribution tooltip
    Deep Dive

    Another record high: Counting school shootings in 2023

    Varying — and in some cases lacking — definitions and data make the issue hard to track, as experts continue to pursue solutions for both prevention and recovery.

    By Naaz Modan and Kara Arundel • Dec. 20, 2023
  • A red award ribbon is shown against a purple background with a pencil on either side.
    Image attribution tooltip

    Photo illustration: Shaun Lucas/Industry Dive; Getty Images

    Image attribution tooltip
    Dive Awards

    The K-12 Dive Awards for 2022

    These leaders are shaping the nation’s schools with commitments to high expectations, strong relationships and robust career exploration models.

    By Roger Riddell • Nov. 21, 2022
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell