Dive Brief:
- Ransomware attacks against schools, colleges and universities rose 23% year over year in the first half of 2025, according to a report from Comparitech, a cybersecurity and online privacy product review website.
- The six months saw 130 confirmed and unconfirmed ransomware attacks against educational institutions, with an average ransom demand of $556,000.
- Education was the fourth-most-targeted sector during the first half of 2025, behind business, government and healthcare, according to Comparitech.
Dive Insight:
Schools have become a popular target for hackers thanks to a combination of increased digitization, the robust amount of student and staff data, and a lack of cybersecurity resources. Some 82% of K-12 schools in the U.S. experienced a cyber incident between July 2023 and December 2024, according to a March report from the nonprofit Center for Internet Security.
In one of the most prominent recent known examples,a 19-year-old agreed to plead guilty in May to allegedly hacking and extorting student information system provider PowerSchool for $2.85 million. The incident resulted in the leaking of sensitive data of 10 million teachers and more than 60 million students. School districts also received extortion threats in relation to the cyberattack, and more than 100 school systems sued PowerSchool over the breach.
One challenge of tracking cyberattacks is that incidents aren’t always disclosed by the organization targeted or the ransomware group that attacks. As a result, the Comparitech report said, figures are likely to change as more information is released and incidents are confirmed.
Comparitech labels a ransomware attack as “confirmed” when the impacted organization publicly reports a ransomware incident or acknowledges a cyberattack that aligns with a ransomware group’s claim.
As school districts try to navigate these threats and attacks, some of the leading preventative measures include investing in cybersecurity insurance and incorporating multifactor authentication for accessing files.
Once a breach is discovered, experts recommend determining what external help is needed, whether from cyber incident support teams or private vendors, and alerting law enforcement — including the FBI and entities such as the Department of Homeland Security’s U.S. Computer Emergency Readiness Team. The FBI advises against paying ransoms, as doing so can encourage further cyberattacks and doesn’t guarantee that stolen data will be returned or that access to critical systems will be restored.
