The majority of schools and universities suffering a ransomware attack end up paying more than the initial demand, a new report has claimed.
Polling 600 cybersecurity and IT leaders in the education sector, Sophos learned over half (55%) of those working in lower education, and 67% of those working in higher education, ended up paying more than what hackers originally asked for.
It is difficult to determine the reason, but the researchers speculate the victims are feeling pressured to keep the work going and not get disrupted.
Recovering from ransomware
At the same time, organizations in the education sector struggle to quickly recover from a ransomware attack. Less than a third (30%), in both lower and higher education, were able to fully recover within a week (down from 33% and 40% last year, respectively).
The good news is that there are now fewer attacks. Last year, 80% of lower education and 79% of higher education organizations were hit. This year - 63% and 66%, which is significantly lower. Unfortunately, the rate of data encryption has gone up a little bit, compared to last year.
Most of the time, the attack starts with an exploited vulnerability, which is why Sophos suggests a layered approach to security, that includes vulnerability scanning and patching prioritization. Organizations should also focus on getting endpoint protection solutions with anti-ransomware capabilities, and a 24/7 human-led managed detection and response services.
“Unfortunately, schools, universities and other educational institutions are targets that are beholden to municipalities, communities and the students themselves, which inherently creates high pressure situations if they are hit and destabilized by ransomware,” commented Chester Wisniewski, director, field CTO, Sophos.
“Educational institutions feel a sense of responsibility to remain open and continue providing their services to their communities. These two factors could be contributing to why victims feel so much pressure to pay.”
More from TechRadar Pro
- Educational Institutions become a prime target for cybercriminals as the new academic year commences
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now