Ransomware Cost US Schools & Colleges 3.5 Billion in 2021

Nearly one million students could have been impacted by the attacks, some of which demanded ransoms of $40 million.
Aaron Drapkin

A new study has revealed that ransomware attacks cost US educational institutions a combined $3.5 billion last year – and nearly $20 billion between January 2018 and May 2022.

The impact that a ransomware attack can have on a school or college should not be understated: One college closed its doors permanently this year after a cyberattack.

Educational institutions often operate on tight budgets, but findings like this illustrate the importance of maintaining a working cybersecurity infrastructure and ensuring students are equipped with password managers.

US Schools and Colleges Targeted

According to the research conducted by Comparitech, 67 individual ransomware attacks took place in 2021, potentially impacting almost one million students.

During attacks, ransomware groups “take down key systems, shut schools for days on end, and prevent teachers from accessing lesson plans and student data.”

The total combined cost of the attacks was $3.56 billion, although individual payloads varied wildly from $100,000 to $40 million (Comparitech).

Lincoln College, a 157-year-old institution based in Illinois, was so financially affected by a cyberattack on its systems that it was forced to shut its doors.

The report notes that the financial damage caused by the attacks in terms of recovery cost – which, in the case of Buffalo Public Schools, was $10 million – was higher than the ransom requested.

Comparitech says that, in total, 954 separate schools and colleges were potentially affected in 2021’s attacks – although this was 46% down on 2020 when 1,753 attacks took place.

Ransomware Attacks: State-by-State

New York and Texas were the states that witnessed the most school or college attacks, with seven and six occurring within state lines respectively – although this is to be expected considering their respective populations.

Florida saw the most students affected last year (269,469) after ransomware attacks orchestrated by the Conti ransomware group affected Broward County, which has 331 schools. They demanded $40 million from the district, but after failed negotiations, data was dumped online.

In Arizona, 196,000 students were impacted in one attack – it was identified and blocked by the system, but over a week’s worth of learning time was lost to system restoration.

Ransomware: What Can You do?

Ransomware attacks are becoming increasingly prevalent, especially with the rise of Ransomware-as-a-service and the general commercial availability of software that will allow you to hold data hostage. However, there are some things you can do to protect yourself, your school, or your business.

For one, don't give hackers an easy way into your network by having short, guess-able passwords that include common phrases. Instead, use a password manager to ensure you can create lengthy, unique passwords without having to remember them all.

Other good tips include activating multi-factor authentication on any and all accounts you hold and ensuring that the software you're using is up to date and subsequently vulnerability-free.

Ransomware attacks will continue to happen – but there are things you can do to keep yourself out of harm's way.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals