Dive Brief:
- More than half of higher education institutions targeted in ransomware attacks paid a ransom to get their data back, according to a new report from U.K.-based cybersecurity firm Sophos.
- Just under two-thirds of polled colleges, 63%, used backups to restore their data, while 56% paid the ransom. The findings are based on a survey of 200 colleges across 14 countries conducted between January and March.
- The two options aren’t mutually exclusive, with almost a quarter of respondents indicating they used multiple recovery methods, the report noted. However, higher education institutions that used backups had lower average recovery costs than those that paid ransoms, $980,000 versus $1.3 million.
Dive Insight:
The report sheds light on how colleges respond to ransomware attacks, in which cybercriminals encrypt data or threaten to sell it unless an institution pays a ransom for its return. Although colleges are usually tight-lipped about whether they have paid ransoms, the survey results suggest this recovery method is commonplace.
Some colleges have recently gone public about paying hackers. The University of Hawaiʻi system announced in late July that it paid a ransomware group to get back data taken from Hawaiʻi Community College’s network, though it did not disclose the sum.
“The University of Hawaiʻi made the difficult decision to negotiate with the threat actors in order to protect the individuals whose sensitive information might have been compromised,” the system said in a statement.
The attack likely compromised the data of 28,000 people, the system said. Officials made the decision after considering the ransomware group’s history of posting stolen personal information when it didn’t reach a deal with its victims, the announcement said.
Similarly, the University of California San Francisco paid a little over $1.1 million in 2020 to a hacker group called Netwalker, Bloomberg reported. The groups negotiated for roughly six days before reaching the deal, which was much lower than the $3 million Netwalker sought.
These types of attacks are common in the higher education sector. In a 2023 survey, 79% of colleges surveyed by Sophos said they experienced a ransomware attack. That’s up from 64% in 2022 and one of the highest rates of all industry sectors tracked.
These attacks most commonly resulted from exploited vulnerabilities, followed by compromised credentials and malicious email, according to Sophos.
In almost three-quarters of attacks, 73%, cybercriminals encrypted colleges’ data. Just 25% of surveyed institutions reported that they stopped the attack before data was locked down.
Of the higher education organizations whose data was encrypted, 35% also reported that it was stolen. Ransomware groups frequently threaten to publish stolen data as a way to make more money off their attacks.
Sophos found one silver lining — 100% of surveyed higher education institutions said they were able to get their data back. However, this can often become a weekslong process, especially if colleges pay a ransom.
Of the colleges who paid a ransom, 38% took at least a month to recover their data, compared to just 21% of those that used backups.