Report: Ransomware Costs Schools Nearly $550,000 per Day of Downtime

New data from cybersecurity research firm Comparitech quantifies the damage caused by ransomware attacks on K-12 and higher education institutions.

Since 2018, the company has clocked nearly 500 separate ransomware attacks aimed at schools and universities in the United States, affecting the data of over 6.7 million individuals.

It found the average ransomware demand is $1.4 million, though the average ransomware payment is leagues smaller, less than $170,000. 

On average, each of these ransomware attacks caused nearly 11 days of downtime, with each missed day costing schools nearly $550,000.

All told, according to Comparitech's data, ransomware has cost the U.S. education system over $2.5 billion since 2018.

The ransomware landscape was particularly rough in 2023, which had a record-breaking 121 attacks. However, 2024 — at least, so far — has provided a slight reprieve. The rate of attacks this year has considerably slowed, and both the duration and cost of downtime have seen a noticeable decline.  

"Hackers often target schools in the latter part of the year, so it's possible we will see an uptick in ransomware attacks on educational institutions for 2024, but it's unlikely the figures will reach 2023's high," Comparitech said in a post detailing its findings.

However, the company warned that attackers seem to be more discerning, increasingly going for institutions with bigger budgets and larger troves of student data. With attacks becoming more sophisticated and targeted, Comparitech urged readiness.

"With the threat of ransomware attacks across the U.S. and worldwide remaining high across all industries, it's never been more important to ensure employees are clued up, systems are updated, and frequent backups are being carried out," the company said.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Featured

  • DreamBox Math

    Discovery Education Announces Updates to Experience, DreamBox Math

    K-12 learning solution provider Discovery Education has announced enhancements to its Discovery Education Experience and DreamBox Math products, designed to create a more personalized, engaging learning experience for students.

  • abstract pattern of cybersecurity, ai and cloud imagery

    Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A recent report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.

  • digital dashboard featuring a shield icon, graphs, a world map, and network nodes

    IBM Launches Agentic AI Governance and Security Platform

    IBM has introduced a new software stack for enterprise IT teams tasked with managing the complex governance and security challenges posed by autonomous AI systems.

  • laptop and fish hook

    Security Researchers Identify Generative AI 'Vishing' Attack

    A new report from researchers at Ontinue's Cyber Defense Center has identified a complex, multi-stage cyber attack that leveraged social engineering, remote access tools, and signed binaries to infiltrate and persist within a target network.