Ransomware attacks on US schools and colleges have surged in recent years, with 491 incidents recorded since 2018. These attacks impacted over 8,000 educational institutions and exposed 6.7 million individual records.
According to a new report by Comparitech, estimated costs exceed $2.5b in downtime alone as schools struggle to restore systems, recover data and strengthen cybersecurity measures.
In 2023, the number of attacks reached a record high of 121, significantly increasing from the 71 attacks reported in 2022.
The average downtime per attack has also grown, rising from just under nine days in 2021 to 12.6 days in 2023. The financial impact is severe, with downtime costing schools an average of $550,000 daily.
Key Findings of the Report
- 491 ransomware attacks from 2018 to July 2024
- Over 6.7 million records breached
- Estimated total cost of downtime: $2.54b
- The average ransom demand: $1.4m
- The average ransom payment: $169,000
The report also highlighted that ransomware demands vary significantly, ranging from $5000 to $40m.
Some of the most notable cases include hackers targeting Broward County Public Schools in 2021 with a $40 million demand, while Michigan State University faced a $6 million ransom in 2020. However, many schools refuse to pay, citing concerns that meeting demands could incentivize further attacks.
The most affected US states included:
- California: 43 attacks
- New York: 42 attacks
- Washington and Ohio: Most records breached, with over 800,000 records compromised in each state
As of 2024, ransomware attacks on US educational institutions have shown signs of declining, with only a handful of incidents reported in the year’s first half. However, experts caution that the impact of attacks often emerges later, suggesting the current figures may not fully capture the ongoing threat.
“With the threat of ransomware attacks across the US and worldwide remaining high across all industries, it’s never been more important to ensure employees are clued up, systems are updated, and frequent backups are being carried out,” Comparitech concluded.
Source:
https://www.infosecurity-magazine.com/news/ransomware-exposed-67m-records
Latest News:
- #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
Software updates are critical in protecting systems from cyber threats and providing new and improved functionality to software products. They are necessary to patch vulnerabilities that can be exploited by malicious actors, ensuring that systems remain secure. Software updates are one of the four pillars of the 2024 International Cybersecurity Awareness Month campaign. As part … - Universal Music Group Admits Data Breach
Universal Music Group (UMG), one of the world’s largest music corporations, disclosed a data breach in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15, … - Sellafield Fined for Cybersecurity Failures at Nuclear Site
Sellafield Ltd. has been fined £332,500 ($437,440) for cybersecurity failures at the Sellafield nuclear facility in Cumbria, North-West England. Westminster Magistrates Court issued the fine following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060). The offences …
