Schools and universities targeted by ransomware
Educational institutions were affected by data encryption especially often last year. Compared to other sectors, their recovery time was also the longest. These are the findings of Sophos's paper "The State of Ransomware in Education 2022".
Cybercriminals are increasingly targeting educational institutions worldwide with ransomware attacks. In its industry analysis "The State of Ransomware in Education 2022", IT security specialist Sophos highlights that in 2021, schools and universities in particular were increasingly the target of attacks related to data encryption.
60 percent of all educational institutions affected
According to the study, 60 percent of educational institutions worldwide were the target of attacks in 2021, and 7 percent of those attacked needed three to six months to recover all their data. Under 2 percent of all educational institutions were able to recover all encrypted data after paying a ransom. 9 percent reported taking three to six months to recover data after an attack. For about 40 percent of all educational institutions, recovery took about one month.
Regular backups advisable
"Schools are among the preferred targets for attackers because they lack strong security measures and are a treasure trove of personal data," Chester Wisniewski, principal research scientist at Sophos, was quoted as saying in a statement. Educational institutions, he said, typically show a lower level of vigilance than other institutions when it comes to detecting attacks on an ongoing basis. This can lead to higher attack success and encryption types, he said. Those who were insured against cyber incidents had an advantage.
Always be prepared for the worst
For schools, the damage was generally paid for by their cyber insurance, with only 78 percent of schools insured against ransomware attacks, he said.
Sophos advises several defense strategies: the IT infrastructure should have high-quality defense mechanisms, and the security requirements should be reviewed against current circumstances. It is also advisable to make regular backups and to test the recovery scenario on an ongoing basis. Finally, one should always be prepared for the "worst" and know which offices to contact immediately in the event of an emergency.
The environment should be well secured: typical gaps are unpatched devices, unprotected machines and open RDP ports. If necessary, involve specialists who can maintain the entire security environment, for example through MDR (managed detection and response) solutions.
Source: Sophos