Report: Ransomware attacks cost schools more than $3.5 billion last year

Many high-profile ransomware attacks, like last year’s assault on Colonial Pipeline by DarkSide, have focused on corporations. But the bad actors behind those digital assaults don’t limit themselves to the business world. They also appear to be targeting schools.

In 2021, 67 separate ransomware attacks impacted 954 schools and colleges, potentially affecting the data of more than 950,000 students, according to a study by security firm Comparitech. Demands of varying amounts—from $100,000 all the way up to $40 million—were made of the schools in order to regain control of their systems. Few schools reported whether they paid the ransoms, but at least one school paid $547,000, according to Comparitech. In all, the firm estimates, the incidents cost schools more than $3.5 billion in downtime.

The costs go even higher when data recovery, system upgrades, and costs to restore computers are folded in. Some schools were unable to recover.

Lincoln College, a private, predominantly Black university in Illinois that has been around for 157 years, closed permanently last month, citing cyberattacks and the pandemic as reasons. The school had record enrollment in 2019, but the pandemic impacted campus life and limited the school’s ability to raise money. Then, in December, a ransomware attack “thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of fall 2022 enrollment projections,” the school said.

The systems required for recruitment, retention, and fundraising efforts were inoperable after the attack—and while the school paid the hackers a ransom fee, the system didn’t completely come back online until March of this year. By then it was too late. Significant enrollment shortfalls put the school in a hole it couldn’t get out of.

“Lincoln College has been serving students from across the globe for more than 157 years,” wrote David Gerlach, the college’s president, in a statement. “The loss of history, careers, and a community of students and alumni is immense.”

Gathering precise information on ransomware attacks is challenging. The Identity Theft Resource Center notes that reporting on data breaches is inconsistent at best. Of the 367 cyberattacks in the first quarter of 2022, nearly half lacked details about the cause of the breach (such as ransomware or phishing). Companies that pay ransoms are especially reluctant to report the breach.

Based on available data, Comparitech estimates there have been 270 separate ransomware attacks on educational institutions between January 2018 and mid-May 2022. That has a potential impact of more than 3 million students and nearly 4,300 schools and colleges.

Hackers have collected at least $2.64 million in ransom payments from schools in that time, with the average payment totaling $239,733. The company estimates the additional downtime costs for the attacks in that time frame, however, add up to nearly $20 billion.

California, New York, and Texas have seen the most attacks since 2018, with more than 20 each. Illinois had 13 reported and Pennsylvania saw 12.

Ransomware hit a peak in the education sector in 2019, when attacks jumped to 96 (from just 10 the year before). They’ve shrunk in number slightly since then, but attackers are focusing on school districts with bigger budgets, such as Broward County in Florida, where hackers demanded $40 million. (The school district offered $500,000 as a counter offer. The group behind the ransomware dropped their demand to $10 million, but ultimately dumped the school’s data—nearly 26,000 files—online.)

The good news is, that so far 2022 has been a relatively light year for ransomware attacks on schools—and those who are targeted are getting back online faster.

“While hackers may be becoming more targeted in their approach,” Comparitech wrote in its report, “the lower downtime figures suggest schools are more prepared for these attacks and are better able to restore their systems from backups or mitigate the effects of the attacks.” 

https://www.fastcompany.com/90764018/ransomware-attacks-cost-schools-universities-3-5-billion?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Vytvorené 3y | 24. 6. 2022, 11:20:53


Ak chcete pridať komentár, prihláste sa

Ostatné príspevky v tejto skupine

Tesla sets annual meeting for November amid shareholder pressure

Tesla has scheduled an annual shareholders meeting for November, one day after the

10. 7. 2025, 20:40:02 | Fast company - tech
OpenAI vs. Google could be the heavyweight battle of the half-century

Welcome to AI DecodedFast Company’s weekly newsletter that breaks down the most important news in

10. 7. 2025, 18:20:04 | Fast company - tech
The internet is obsessed with ‘Umamusume: Pretty Derby’

The internet’s latest obsession: training and cheering on anthropomorphized anime horses as they race around a track.

First released in 2021 as a mobile game for iOS and Android, Uma

10. 7. 2025, 15:50:09 | Fast company - tech
These Uber alums are building an army of AI agents for the workforce

Minh Pham and JJ Ford have a knack for riding the waves of new tech.

The duo joined Uber in its early days, helping to spearhead mobile development. When CEO Travis Kalanick was

10. 7. 2025, 15:50:07 | Fast company - tech