Ransomware threat against colleges grows, survey finds
Dive Brief:
- Ransomware attacks targeted the education sector more than any other industry in the last year, with 79% of surveyed higher education institutions across the world reporting being hit, according to an annual report from Sophos, a U.K.-based cybersecurity firm.
- Of the higher ed institutions that reported ransomware attacks, 59% said it resulted in them losing “a lot of” business and revenue. Around one-fourth, 28%, reported smaller losses.
- Hackers exploited system vulnerabilities in 4 in 10 higher education ransomware attacks, making them the sector’s most common root issue. Compromised credentials caused another 37% of attacks, while malicious emails led to 12% of reported incidents.
Dive Insight:
Sophos’ latest survey suggests that ransomware is increasingly targeting colleges and universities. In 2022’s report, only 64% of higher education institutions said they had been hit by ransomware in the past year — 15 percentage points lower than the share who reported incidents in the latest survey.
In some cases, hackers are ramping up their efforts to get colleges to pay for the return of their data.
Knox College, a private liberal arts institution in Illinois, made headlines late last year when a hacker group broke into its computer system and accessed student data. The group that took credit for the breach, known as Hive, emailed students saying they had retrieved “personal information, medical records, psychological assessments, and many other sensitive data,” and threatened to sell their social security numbers.
The attack spurred multiple lawsuits from students, who allege that Knox failed to follow the latest security practices to shield sensitive data.
“Sophos’ latest report is a clarion reminder that ransomware remains a major threat, both in scope and scale,” said Megan Stifel, chief strategy officer at the Institute for Security and…
