Skip to content

A troubling new trend is emerging on campuses

This year, a Sophos survey of hundreds of institutions revealed that 64% of higher ed institutions were hit by ransomware in the last year. The number represents a significant increase from the 44% that reported an attack in 2021. 

So far, the attacks have had a sizable impact. Recent Comparitech research notes that ransomware hit 954 schools and colleges in 2021, potentially impacting over 950,000 students. Their cost estimate for the attacks? A staggering $3.56 billion in downtime alone. 

The statistics for ransomware are particularly grim in education:

  • While most organizations regained some of their data after paying the ransom, only 2% regained it all.
  • On average, schools lost four days to downtime and spent nearly a month recovering from an attack.
  • Attackers’ encryption success has been significantly higher than average in schools, with 74% of attacks successful in higher ed compared to the global rate of 65%.

Below, we’ll discuss the growth of ransomware attacks in education. We’ll explore a few reasons why colleges and universities are being targeted so relentlessly, and we’ll suggest a solution to mitigate attacks.

Ransomware attacks in schools: an alarming rise

While higher ed may not seem like a valuable target for cybercriminals, attacks have been rising precipitously. In January 2020, a ransomware attack at Dundee and Angus College in Scotland impacted the entire digital infrastructure of the college. They had to rebuild their core systems from scratch. Meanwhile, in June 2020, the University of California, San Francisco, paid $1.1 million to attackers to regain access to their servers. And in 2022, North Carolina A&T State University, North Orange County Community College District, Ohlone Community College District, and Midland University all reported significant ransomware attacks.

The combined effects of the pandemic and a December 2021 ransomware attack even forced Lincoln College, a historically Black college in Illinois, to permanently close.

What makes colleges so vulnerable to ransomware?

At ShardSecure, we sometimes like to quote Willie Sutton. Upon being asked why he robbed banks, Sutton responded "because that’s where the money is."

Ransomware attackers target colleges and universities because that’s where the sensitive information is. Education institutions are a repository of highly sensitive and confidential material, from student grades and medical records to tuition information and payroll, that must be protected. 

Ransomware can also paralyze schools’ critical operations, leaving victims willing to try almost anything to get their data back. Losing access to vital data can disrupt time-sensitive operations like college admissions and matriculation, which can in turn cause huge financial damage. That’s just what attackers want. 

If that wasn’t enough, universities also have several unique vulnerabilities that make them ideal targets for cybercriminals.

Lack of security protocols, presence, and funding

Many universities' security protocols are inconsistent across their individual schools and departments. As the 2022 Sophos report bluntly put it, "the education sector is poorly prepared to defend against a ransomware attack, and likely lacks the layered defenses needed to prevent encryption if an adversary does succeed in penetrating the organization."

Cybersecurity also represents a significant expense that does not return any direct revenue. Additionally, universities have much longer vacations than most organizations. Ransomware attackers are notorious for striking during school vacations to maximize damage while IT staff are away. 

The net result? Underfunded and underdeveloped security systems that can’t withstand ransomware.

The human element

Human error is still the biggest factor in data security incidents, with a 2020 report from Stanford researchers noting that 88% of data breaches involve human error. But with education institutions, the potential for error is compounded.

 Like adults, students often use their own devices, access unsecured public Wi-Fi, and may not be aware of phishing scams. However, younger users may be more unconcerned with online security. They may also be likely to act impulsively — and that includes clicking on ransomware.

What can higher ed do about ransomware?

Like any other organization, colleges and universities can take steps to improve their ransomware preparedness and defense plans. For instance, institutions might invest in: 

  • Data security solutions, including anti-malware software and backup-as-a-service
  • Network segmentation
  • Multi-factor authentication
  • Regular security audits
  • Cybersecurity insurance
  • Zero-trust architecture
  • Unifying IT services across schools in a district or departments in a college
  • Providing security education and training for staff, faculty, and students
  • And more

Neutralize ransomware with ShardSecure

The ShardSecure platform mitigates ransomware by rendering confidential information — from student records to payroll — unintelligible and of no value to unauthorized users. This prevents ransomware attackers from publishing sensitive data in a double extortion ransomware attack. 

The ShardSecure platform also offers high availability, multiple data integrity checks, and self-healing to detect tampering and automatically reconstruct affected data. This means that data can be restored when it’s tampered with, deleted, or encrypted by ransomware.

Contact us today to learn more about how ShardSecure can help universities mitigate ransomware and keep class in session.


The State of Ransomware in Education 2022 | Sophos

Ransomware Attacks on US Schools and Colleges Cost $3.56bn in 2021 | Comparitech

A Cyberattack Hits the Los Angeles School District, Raising Alarm Across the Country | NPR

A Cyberattack in Albuquerque Forces Schools to Cancel Classes | NPR

Ransomware Attack: What We Learned and How We Recovered | JISC

The University of California Pays $1 Million Ransom Following Cyber Attack | Forbes

Cyberattacks Pose ‘Existential Risk’ to Colleges — and Sealed One Small College’s Fate | Forbes

Ransomware Attack Shutters 157-Year-Old Lincoln College | CBS News

How Colleges & Universities Can Prevent Ransomware Attacks | UpGuard

North Carolina A&T Hit With Ransomware After ALPHV Attack | The Record

Stanford Research: 88% Of Data Breaches Are Caused By Human Error | KnowBe4