Schools, Universities Now Leading Targets of Ransomware Attacks

Education Policy Brief #54 | By: Lynn Waldsmith | July 25, 2022

Header photo taken from: Shutterstock




Follow us on our social media platforms above

Browse more education policy briefs from the top dashboard

Screen Shot 2022 07 28 at 12.57.16 AM
Education may have gone online, but security systems haven’t kept up.

Photo taken from: Dale Crosby Close / Politico

Policy Summary

A new viral threat known as ransomware is attacking schools and universities throughout the country. According to security company Sophos, 64 percent of higher education institutions and 56 percent of K-12 schools were struck by ransomware last year.

According to the company’s State of Ransomware in Education 2022 report, that means an average of 60 percent across the education sector overall, up from 44 percent in 2020.

Schools, whose administrators, teachers and students are already weary from fighting COVID-19, are now the most popular targets of ransomware attacks, according to the FBI. While the average ransom is about $50,000, the biggest demands have topped $1.4 million. And the total cost of cyberattacks targeting the education sector is difficult to estimate because many schools don’t report attacks. Many schools only publicly acknowledge a breach when their systems are disrupted or student data is lost.

Ransomware is a type of malicious software that infects computer servers, desktops, laptops, tablets and smartphones, often spreading across a campus from one device to another. Once it infects a system, the virus quietly encrypts every data file it finds, then displays a ransom note to the user. The extortion message usually demands an online payment in some untraceable cryptocurrency like Bitcoin in return for the decryption keys needed to restore the users’ locked files. 

The demand often includes a series of deadlines for payment: each missed deadline leads to a higher ransom demand and perhaps some destroyed files. If the victim doesn’t pay up, the attacker discards the decryption keys, making the data permanently inaccessible.

Policy Analysis

Ransomware attacks  can be extremely costly, whether ransomware is paid or not. These cyberattacks can lock down key systems, shut down schools, and prevent teachers from accessing lesson plans and student data. The costs to restore computer systems, recover data, and shore up systems to prevent future attacks can be astronomical.

IT professionals in higher education also report the slowest recovery times from ransomware attacks. Colleges and universities, on average, take twice as long as organizations in other industries to recover — 40 percent took over a month, 31 percent took one to three months and 9 percent recovered from a ransomware attack in a three-to-six-month period, according to Sophos.

Lincoln College is an example of a worst-case scenario. After being attacked with ransomware in December of 2021, the 157-year-old historically black Lincoln College announced in May that it was shutting down permanently. While the college was already coping with declining enrollment, the impact of the attack and paying the hackers a ransom fee struck the final blows.

The education sector itself is also to blame for being such a tempting target for cybercriminals. 

First, students often engage in risky online behaviors that expose them to ransomware attacks, such as treating email attachments without appropriate wariness, and visiting unsecure websites. 


erepublic.brightspotcdn 1
Lincoln College closure is just another ransomware milestone; the predominantly Black college in Illinois closed their doors in May as a result of COVID-19 and cyber attack disruptions having severely impacted the college’s previously low enrollment.
Who’s next?

Photo taken from: / Mark Gordon / Lincoln College

(click or tap to enlargen)

Second, the highly open and interconnected nature of campuses and “bring your own device” educational cultures open up multiple points of malware infiltration and make it difficult to secure the entire network. 

Third, a lack of cyber policies for using a network and making sure they’re adhered to are contributing factors.

Perhaps one of the biggest problems educational institutions are facing is a lack of money and resources. This makes it difficult to fund IT security investments; the education sector generally lags well behind industries like finance, retail, healthcare, energy and government in its ability to protect its tech infrastructure.

Schools and universities are encouraged to educate students, faculty and staff on the techniques that ransomware distributors use, teaching them to be wary of the email links they click on, websites they visit, and attachments they open. IT departments need to segment networks to make it harder for ransomware to spread from system to system, keep anti-malware software up-to-date, and fix known vulnerabilities in operating systems and applications as quickly as possible.

But paying the ransom is never a good idea. According to law enforcement and security experts, over half of ransomware victims who pay do not successfully recover their files. Routine, frequent backup remains the most foolproof defense against ransomware: if your systems are compromised, you can simply identify the onset of the attack and restore your systems from clean backups created before the attack.

Engagement Resources​

Click or tap on resource URL to visit links where available 


“The State of Ransomware in Education 2022” (key findings):

“The State of Ransomware in Education 2022” (full report):

20 0925 seal cisa 500

Cyber Threats to K-12 Remote Learning Fact Sheet:


Free ransomware decryption tools:

Subscribe Below to Our News Service

Pin It on Pinterest

Share This