Ransomware Hit 56% of K-12 Organizations Worldwide in 2021, Sophos Survey Finds

Schools Also Most Likely To Pay a Ransom, Cybersecurity Firm Says

Cybersecurity firm Sophos today released its annual State of Ransomware report showing ransomware attacks nearly doubled in 2021 from the year before, according to results of a survey of 5,600 IT professionals across many sectors.

Across all sectors surveyed, 66% of respondents said their organizations were hit with ransomware in 2021, up from 37% in 2020. Among K–12 schools included in the survey, 56% of K–12 IT professionals responding, representing 320 districts, said they were a victim of ransomware last year.

K–12 schools were the most likely of the sectors surveyed to pay a ransom, as well, the Sophos survey found. The average ransom payout across all sectors occurred in attacks where the threat actors encrypted the victims’ data; that average ransom amount increased nearly fivefold to $812,360 from 2020, with a 300% increase in the proportion of organizations paying ransoms of $1 million or more, Sophos said.

Key Findings among K–12 Respondents:

  • 56% of K–12 districts, or 320, were hit by ransomware last year.
  • 76% of K–12 districts hit by ransomware last year used backups to recover.
  • 45% of K–12 districts paid the ransom.
    • Among K–12 districts that paid up, they reported an average of 60% of their data being restored.
  • 99% of K–12 districts hit by ransomware said district cyberinsurance covered at least some of the associated costs.
    • 58% of K–12 ransomware victims said cyberinsurance paid clean-up costs.
    • 53% of K–12 ransomware victims said cyberinsurance paid the ransom.
    • 27% of K–12 ransomware victims said cyberinsurance paid other associated recovery costs.

The survey, conducted by research agency Vanson Bourne, was conducted during January and February 2022, according to Sophos.

“As ransomware has become more prevalent, organizations have got better at getting at dealing with the aftermath of an attack,” Sophos’ report said. “Almost all organizations hit by ransomware in the last year (99%) now get some encrypted data back, up slightly from 96% last year.”

Key Findings about Restoring Data

  • The No. 1 method used to restore data is backups, used by 73% of respondents whose data was encrypted.
  • 46% reported that they paid the ransom to restore data.
  • Almost half (44%) of the respondents whose organization’s data had been encrypted used multiple methods to restore data.
  • Organizations that paid got back only 61% of their data on average.
  • Only 4% of those that paid the ransom got ALL their data back in 2021, down from 8% in 2020.

A Warning for Relying on Backups & CyberInsurance

Of the respondents who said they weren’t hit by ransomware in 2021 and they don’t expect to be hit in the future, 72% are relying on measures that will not prevent a ransomware attack, Sophos noted: 57% of these respondents cited backups and 37% cited cyberinsurance, with some selecting both options. “While these elements help you recover from an attack, they don’t prevent it in the first place,” the report said.

Almost all the respondents, or 94%, said the process for securing cyberinsurance had become more laborious over the last year.

“As the cyber insurance market hardens and it becomes more challenging to secure cover, 97% of organizations that have cyber insurance have made changes to their cyber defense to improve their cyber insurance position,” the report said.

ConvergeOne, a nationwide provider of cybersecurity services and digital infrastructure, told THE Journal in January that school districts renewing or shopping for cyberinsurance this year can expect potential insurers to conduct an in-depth analysis of the district’s network security before a policy can be purchased.

Senior Director of Cybersecurity Chris Ripkey said K–12 schools without mature security systems in place will no longer be able to use their cyberinsurance policies as a “get of jail free card” when cyberattacks occur.

School districts shopping for or renewing their cyberinsurance, he said, can expect to be asked to demonstrate that they have the following protections, at a minimum, in place:

  • Multi-factor authentication
  • Antivirus and malware protection
  • A mature data privacy program to protect student and staff information
  • A robust patch management system
  • A managed endpoint detection and response services
  • Immutable backups separate from the rest of the infrastructure

“The cyberinsurance brokers will ask for all this information in a self-assessment, and if you don’t meet the minimum requirements, they are not going to insure your district, or your premiums are going to be a lot higher,” Ripkey emphasized. “Our advice is to do your own full assessment before shopping for insurance — take stock of your security practices and where you stand.”

Read the full cyberinsurance report to learn more about changes in the K–12 cyberinsurance landscape.

The State of Ransomware survey results can be downloaded at the Sophos website.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • Abstract geometric pattern with interconnected nodes and lines

    Microsoft 365 Copilot Updates Offer Expanded AI Capabilities, Collaboration Tools

    Microsoft has announced updates to its Microsoft 365 Copilot AI assistant, including expanded AI capabilities in individual apps, the ability to create autonomous agents, and a new AI-powered collaboration workspace.

  • An open book with text transforming into smooth lines represents reading ease

    Fluency Innovator Grants to Award Free Subscriptions to WordFlight Literacy Intervention Solution

    The call for applications is now open for Foundations in Learning's Fall 2024 Fluency Innovator Grants program. Teachers and administrators from schools and districts serving grades 3-8 may apply to receive a free subscription to WordFlight, a literacy assessment and intervention solution for students with deficits in reading fluency and comprehension, for the Fall 2024 semester.

  • AI-themed background with sparse circuit lines and minimal geometric shapes

    Microsoft to Introduce AI Agent Building Tools in Copilot Studio

    In November, Microsoft plans to roll out a public preview of a new feature within Copilot Studio, allowing users to create autonomous AI "agents" designed to handle routine tasks.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Supported by OpenAI

    OpenAI, creator of ChatGPT, is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.