A new study has revealed that ransomware attacks cost US educational institutions a combined $3.5 billion last year – and nearly $20 billion between January 2018 and May 2022.
The impact that a ransomware attack can have on a school or college should not be understated: One college closed its doors permanently this year after a cyberattack.
Educational institutions often operate on tight budgets, but findings like this illustrate the importance of maintaining a working cybersecurity infrastructure and ensuring students are equipped with password managers.
US Schools and Colleges Targeted
According to the research conducted by Comparitech, 67 individual ransomware attacks took place in 2021, potentially impacting almost one million students.
During attacks, ransomware groups “take down key systems, shut schools for days on end, and prevent teachers from accessing lesson plans and student data.”
The total combined cost of the attacks was $3.56 billion, although individual payloads varied wildly from $100,000 to $40 million (Comparitech).
Lincoln College, a 157-year-old institution based in Illinois, was so financially affected by a cyberattack on its systems that it was forced to shut its doors.
The report notes that the financial damage caused by the attacks in terms of recovery cost – which, in the case of Buffalo Public Schools, was $10 million – was higher than the ransom requested.
Comparitech says that, in total, 954 separate schools and colleges were potentially affected in 2021’s attacks – although this was 46% down on 2020 when 1,753 attacks took place.
Ransomware Attacks: State-by-State
New York and Texas were the states that witnessed the most school or college attacks, with seven and six occurring within state lines respectively – although this is to be expected considering their respective populations.
Florida saw the most students affected last year (269,469) after ransomware attacks orchestrated by the Conti ransomware group affected Broward County, which has 331 schools. They demanded $40 million from the district, but after failed negotiations, data was dumped online.
In Arizona, 196,000 students were impacted in one attack – it was identified and blocked by the system, but over a week’s worth of learning time was lost to system restoration.
Ransomware: What Can You do?
Ransomware attacks are becoming increasingly prevalent, especially with the rise of Ransomware-as-a-service and the general commercial availability of software that will allow you to hold data hostage. However, there are some things you can do to protect yourself, your school, or your business.
For one, don't give hackers an easy way into your network by having short, guess-able passwords that include common phrases. Instead, use a password manager to ensure you can create lengthy, unique passwords without having to remember them all.
Other good tips include activating multi-factor authentication on any and all accounts you hold and ensuring that the software you're using is up to date and subsequently vulnerability-free.
Ransomware attacks will continue to happen – but there are things you can do to keep yourself out of harm's way.