Dive Brief:
- Globally, the number of confirmed ransomware attacks targeting the education sector dropped from 188 in 2023 to 116 in 2024, according to data released Thursday by Comparitech, a cybersecurity and online privacy product review website.
- Across the four sectors analyzed by Comparitech, educational institutions — including schools and colleges — were the only group to see a decline in ransomware attacks. Still, 1.8 million records were affected by ransomware attacks in the education sector worldwide in 2024, with the average ransom demand being $847,000.
- While the total number of confirmed ransomware attacks against all industries worldwide declined between 2023 and 2024, Comparitech expects 2024 figures to rise since it can take months or even years to solidify a ransomware report.
Dive Insight:
Ransomware data is often difficult to track, particularly if a school or district does not disclose or confirm the incident.
Research tracking U.S. K-12 ransomware attacks specifically points to a general increase in incidents in recent years. In fact, the number of K-12 ransomware attacks ballooned 393% between 2016 and 2022, from 14 to 69, according to data from national nonprofit K12 Security Information eXchange. Between November 2022 and October 2024, K-12 SIX reported another 85 incidents targeting K-12 public schools.
Additionally, there are no nationwide reporting standards for school systems impacted by cyberattacks. While a federal rule is currently being finalized to require education institutions, among other sectors, to report cyber incidents, it’s still unknown how the Cybersecurity and Infrastructure Security Agency will handle or share the data.
Comparitech’s analysis identified a total of 5,461 ransomware attacks on all organizations worldwide in which threat actors claimed responsibility. But the analysis generally focused on confirmed ransomware attacks — those in which an organization publicly disclosed they were targeted.
One of the confirmed K-12 ransomware incidents flagged by Comparitech from 2024 was a June 17 incident involving the Alabama State Department of Education. State officials said they thwarted hackers from accessing all targeted servers, but the criminals were still able to infiltrate some data before the department’s staff could fully stop the cyberattack. The department added that it was not negotiating with foreign actors or extortioners, as the FBI warns against paying hackers.
Other school districts confirmed by Comparitech to have been targeted by ransomware attacks in 2024 include Utah’s Granite School District (for a $1.5 million ransom), Pennsylvania’s Shenango Area School District (for $1.3 million), Arizona’s Tri-City College Prep High School (for $100,000), South Carolina’s Charleston County School District, Texas’ Abilene Independent School District, Nebraska’s Winnebago Public Schools, and Georgia’s Effingham County Schools.
It’s unclear whether any of the school districts paid a ransom during these attacks, according to the analysis.
The ongoing prevalence of K-12 cyberattacks — particularly ransomware — comes as threat actors view resource-strapped schools as both vulnerable and lucrative targets, because districts often don’t have enough dedicated funds to protect their networks containing troves of sensitive student and staff information.
One recent effort to address schools’ need for additional cybersecurity support is the Federal Communications Commission’s $200 million, three-year pilot program. The initiative is focused on helping schools and libraries cover costs for cybersecurity services and equipment. In November, the FCC said demand far exceeded the program’s capacity, with requests during the application process totaling $3.7 billion.