More than half of higher education organisations that were the victims of ransomware attacks in the past year paid hackers to get their data back, according to a new report.
Cybersecurity firm Sophos polled 200 IT leaders based in?institutions in 14 different countries. Of these, 79 per cent said they had been hit by ransomware – a steep increase from the 64 per cent who reported attacks in the 2022 survey, confirming fears that such incidents are?becoming more prevalent.?
The rate of attacks on education providers was higher than that of all the other sectors Sophos surveyed. The sector also reported one of the highest rates of ransom payment, although?most say publicly they will never pay.
Among the HE respondents, 56 per cent said they had paid a ransom, but the report also found that those who did pay up said they had spent more on recovering from the attack and it had also taken longer.
Recovery costs when ransoms were paid, excluding the cost of the ransom itself, were $1.31 million (?1 million), versus $980,000 when data was recovered solely using backups. Seventy-nine per cent of those who used backups recovered within a month while only 63 per cent of those who paid the ransom recovered in the same time frame.
Looking at the root causes of the attacks, at 40 per cent “exploited vulnerabilities” was found to be the most common, followed by compromised credentials (37 per cent) and malicious email (19 per cent).
Chester Wisniewski, the field chief technical officer for research at Sophos, said education providers were often targeted because they were seen as “very highly visible targets with immediate widespread impact in their communities”.
A feeling of needing?to “do something” and keep the doors open meant leaders feel “pressure to solve the problem as quickly as possible without regard for cost”, he said.
“Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals,” Mr Wisniewski added.