Comparitech researchers recorded 67 separate ransomware attacks in 2021, affecting 954 schools and colleges and nearly 1 million students. While these numbers may seem high, they all mark a double-digit percentage decline from 2020 levels, including a nearly 50% drop in the number of students affected.
School districts have become popular targets for cyberattacks, especially ransomware, in recent years because many are running outdated computer systems and don’t have the financial or human resources for cybersecurity that many private companies do. At the same time, like hospitals and critical infrastructure, schools cannot afford prolonged closures, making them more likely to pay ransoms to unlock their systems. The Covid-19 pandemic and the shift to online learning have only increased the risk.
For the study, the researchers collected information on all documented ransomware attacks affecting schools since 2018. But the study noted that many attacks remain unreported, especially when ransoms are paid. Schools typically only disclose these attacks when classes are interrupted or student information is compromised.
The researchers were only able to find ransomware payment amounts for six of the 67 attacks they focused on. As such, the $3.56 billion cost figure stems from estimated downtime and recovery costs associated with the attack, not the actual ransom paid. Based on data collected from 19 attacks, the average downtime associated with an attack, where schools are closed or services are largely unavailable, was four days.
A handful of ransomware attacks targeting schools grabbed headlines in 2021. In March, cybercriminals successfully targeted the computer systems of Broward County Public Schools, one of the largest districts in the United States, demanding a ransom of up to $40 million. After the district refused to pay, they posted the stolen data online.
Also in March, an attack on the Maricopa County Community College District in Arizona affected nearly 200,000 students. In this case, the district was able to spot and stop the ransomware before it wreaked havoc on its systems, but it still had to cancel classes for a week while it resumed operations.
So far, 2022 has been a quieter year for ransomware attacks targeting schools, the researchers said. The number of documented attacks is down from levels a year ago, and the researchers also noticed a drop in downtime and recovery periods.