After a decline, ransomware attacks seem to be making a comeback. This statistic cuts across all sectors even though it is subject to variations, but one sector has seen one of the biggest surges is the education sector. Ransomware is a type of malware that can prevent education providers, employees, and pupils from accessing systems and the important data held on them. Typically, the data is encrypted by the attacker, but it may also be deleted or stolen. In some attacks, the computer itself may be made inaccessible.
Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. Attackers are notoriously slippery; they typically use an anonymous email address (such as ProtonMail) to initiate contact. They often request payment in the form of cryptocurrency. Ransomware attacks can have devastating impacts on the education sector, no less because it often requires a significant amount of recovery time to reinstate critical services. There’s also reputational damage for the education provider or facility. Often, these attacks are high profile in nature, with wide public exposure and media interest.
According to a report by Sophos:
The Impact of Ransomware
The good news is most institutions hit by ransomware can get their data back, this is mainly because most have invested in backup solutions, and others resort to paying the ransom, although paying the ransom doesn’t always guarantee getting data back.
The ransom sums are just part of the story, and the impact of ransomware ranges much more widely than just the encrypted databases and devices. 94% of lower education and 97% of higher education respondents hit by ransomware said the attack impacted their ability to operate, while 92% (lower) and 96% (higher) of those working in the private sector said the attack caused their organisation to lose business/revenue. The commercial and operational impact on higher education was the highest across all sectors on both fronts. Lower education was second only to higher education in terms of loss of business/revenue.
How Can Organisations Respond?
Stay in the Game: Mitigate & Remediate
Across all sectors, on average 83% of organisations had secured cyber insurance against ransomware. In comparison, only 78% of lower education and higher education organisations have coverage. In other words, it is more expensive to get insured in the education sector, this mainly emanates from the low cyber security budgets versus the amount of data that needs to be protected, as a result premiums go up.
The subsequent insurance coverage gap is leaving many education organisations exposed to the full cost of an attack, increasing the overall ransomware remediation costs. As insurance coverage becomes more challenging to secure, education is improving its cyber defences to improve its cyber insurance position.
At Mitigate Cyber, we can offer solutions to put institutions on the right path to avoid entirely or minimise the impact of Ransomware, some of these which may include: