Rising ransomware attacks on education demand defense readiness

Key points:

• Ransomware disrupts learning—but vetted cybersecurity practices can help
• See article: Fixing the K-12 cybersecurity problem
• See article: How to keep hackers off your school attendance list
• For more news on ransomware, visit eSN’s Cybersecurity page

Ransomware attacks continue to wreak havoc on the education sector, hitting 80 percent of lower education providers and 79 percent of higher education providers this year. That’s a significant increase from 56 percent and 64 percent in 2022, respectively.

As “target rich, cyber poor” institutions, schools store massive amounts of sensitive data, from intellectual property to the personal information of students and faculty. Outdated software, limited IT resources and other security weaknesses further heighten their risk exposure. In a ransomware attack, adversaries exploit these vulnerabilities to infiltrate the victim’s network and encrypt their data, effectively holding it hostage. After encryption, bad actors demand ransom payment in exchange for the decryption key required to retrieve their files.

But the ramifications of ransomware extend beyond the risk of data exposure and recovery costs; attacks can also result in downtime that disrupts learning for students. The impact of ransomware has grown so severe that the Biden Administration has even committed to providing ongoing assistance and resources to support schools in strengthening their cyber defenses.

So, while ransomware in the education sector isn’t a new phenomenon, the stakes remain high. And with both higher and lower education institutions reporting the highest rates of attacks among all industries surveyed in a recent study, the need for increased defense readiness in the education sector has never been more evident.

3 ransomware trends disrupting classrooms in 2023

Cybercriminals have refined the ransomware-as-a-service (RaaS) model in recent years, enabling adversaries to specialize in different stages of attack. Amid the current ransomware surge, IT and security leaders in education must remain aware of the evolving threat landscape so they can effectively safeguard their networks and systems.

Here are some trends from The State of Ransomware in Education 2023 report that demand attention now:

1. Adversaries are leveraging compromised credentials and exploited vulnerabilities. More than three-quarters (77 percent) of attacks against higher education institutions and 65 percent against early education institutions this year originated from compromised credentials and exploited security flaws in software.

Although the root causes of attacks are similar across other industries, educators experienced a significantly higher number of attacks that originated from compromised credentials. The sector’s lack of adoption of multi-factor authentication (MFA) technology — a critical tool in preventing these types of attacks — likely plays a role in this trend.

2. Educational institutions lag behind other sectors when it comes to data backups. The use of data backups is critical in recovering encrypted data and reducing downtime in the event of an attack. Still, only 63 percent of higher educational organizations use backups, falling below the cross-sector average of 70 percent. Lower educational institutions perform slightly better in this area, with 73 percent of organizations backing up their data.

However, the use of backups to recover encrypted data decreased in the last year — a concerning trend given the high rate of ransomware attacks against the sector.

3. Educators are paying ransoms. But should they? Education had one of the highest rates of ransom payouts of all industries, with 56 percent of higher education institutions and 47 percent of lower education institutions paying the ransom in attacks in 2023. Educators’ willingness to pay ransom often stems from factors like the critical nature of their operations and the potential impact of data exposure on staff and students.

But paying the ransom is a risky and often costly move because there’s no way to guarantee adversaries will provide the decryption key. Even if they do, victims may still need to spend significant time and resources recovering data. In fact, paying the ransom actually increased recovery costs and lengthened recovery times for victims this year.

Empowering educators: How to defend against ransomware attacks

Factors like resource constraints can make it difficult to maintain comprehensive and up-to-date cybersecurity measures. But with an understanding of optimal incident response protocols and adversaries’ tools, techniques, and procedures (TTPs), you can prioritize practices and investments that bolster your institution’s defenses against ransomware.

• Explore CISA guidelines and toolkits for recommendations and best practices when it comes to information sharing, maintaining defenses with limited resources and more.

• Maintain proper cybersecurity hygiene through routine patching and regular reviews of security tool configurations. Don’t be afraid to lean on a third-party expert for help assessing the effectiveness of your defenses.

• Defend against common attack vectors with tools like MFA and zero trust network access to prevent the exploitation of compromised credentials.

• Employ managed detection and response (MDR) services to enhance your security with round-the-clock threat monitoring.

• Leverage adaptive technologies that automatically respond to attacks to buy you response time.

• Prepare for the worst by regularly backing up your data and maintaining an incident response plan that reflects the current threat landscape.

• Raise awareness among staff about the dangers of ransomware and best practices they can follow to mitigate risk.

Cyberattacks are inevitable, and ransomware is a common form of attack in the education sector. But you’re not helpless — you have the ability to exercise control over your institution’s digital preparedness.

By adhering to best cybersecurity practices, implementing tools that defend against emerging threats, and outsourcing services when necessary, you can equip your institution to respond to potential threats in an effective and timely manner.