Ransomware cost US schools $ 3.56 billion in 2021, research shows

Ransomware the attacks cost US schools and colleges more than $ 3.5 billion in downtime alone last year, according to study published on Thursday.

Comparitech researchers documented 67 individual ransomware attacks in 2021, affecting 954 schools and colleges and nearly a million students. While these numbers may seem high, they all represent double-digit percentage drops from 2020 levels, including a nearly 50% drop in the number of students affected.

School districts have become a popular target for cyber attacks, in particular ransomwarein recent years due to the fact that many of them use outdated computer systems and do not have the same financial or human resources for cybersecurity as many private companies.

At the same time, like hospitals and critical infrastructure, schools cannot afford long closures, increasing the likelihood that they will pay a ransom to unlock their systems. The pandemic and switching to online learning only increased the stakes.

For the purposes of the study, scientists collected information on all documented ransomware attacks impacts schools since 2018. However, research indicates that many attacks are still unreported, especially when the ransom is paid. Often, schools will only make attacks public when lessons are disrupted or student information is compromised.

Scientists were only able to find ransomware payment amounts for six of the 67 attacks they analyzed. As a result, the costs of $ 3.56 billion are due to the estimated downtime and data recovery costs associated with the attacks, not the ransom actually paid.

Based on the data collected from 19 attacks, the average attack-related downtime, that is, the length of time schools were closed or services were largely unavailable, was four days. Convalescence periods in which schools were open but some facilities or services were unavailable lasted an average of almost a month.

Several ransomware attacks on schools made headlines in 2021. In March, cybercriminals successfully blocked computer systems Broward Country Schools, one of the largest districts in the US, demanding a ransom of $ 40 million. After the county refused to pay, they dumped online data.

Also in March attack on the Maricopa County Community Colleges District in Arizona, it affected nearly 200,000 students. In this case, the district was able to detect and block the ransomware before it destroyed its systems, but it still had to cancel classes for a week before it was operational again.

So far this year, scientists say 2022 has been a calmer year than ransomware attacks against schools. The number of documented attacks has decreased from last year’s level, while researchers also noticed decreases in downtime and recovery times.

“While hackers may be increasingly targeted in their approach, lower downtime figures suggest schools are better prepared for these attacks and are better able to restore their systems from backups or mitigate the effects of attacks,” the researchers wrote.

Leave a Comment