Attack rates have declined, but recovery costs have more than doubled<\/h2>\n
63% of lower education and 66% of higher education organizations were hit by ransomware in the last year, a considerable decrease from the 80% and 79% reported in 2023, respectively. However, the attack rates in education remain higher than the global cross-sector average of 59%.<\/p>\n
![\"The](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/07\/image1_e81e95.png\")
<\/p>\n
95% of educational organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. Of them, 71% were successful, which is the second highest rate of successful backup compromise across all sectors after the\u00a0energy, oil\/gas and utilities<\/em>\u00a0sector.<\/p>\n 85% of ransomware attacks on lower education and 77% on higher education organizations resulted in data encryption in the last year, slightly higher than 81% and 73%, respectively, reported in the previous year. For lower education, this is the second consecutive year of an increase in encryption rate, with only\u00a0state\/local government<\/em>\u00a0(98%) more likely to have data encrypted in an attack.<\/p>\n The mean cost in 2024 for lower education organizations to recover from a ransomware attack was $3.76M, more than double the $1.59M reported in 2023. Higher education organizations reported a mean cost of $4.02M, almost four times higher than the $1.06M reported in 2023.<\/p>\n On average, 52% of computers in lower education and 50% in higher education are impacted by a ransomware attack, slightly above the cross-sector average of 49%. Having a full environment encrypted is extremely rare. Only 2% of lower education organizations and 1% of higher education organizations reported that 91% or more of their devices were impacted.<\/p>\n 62% in lower education paid the ransom to get encrypted data back, while 75% restored encrypted data using backups. At the same time, 67% of higher education organizations paid the ransom to restore data, whereas 78% used backups.<\/p>\n Higher education reported the second-highest propensity to use backups for data restoration along with\u00a0state\/local government<\/em>\u00a0organizations. It also ranks second highest in the propensity to pay the ransom to restore encrypted data, whereas lower education organizations rank third.<\/p>\n The three-year view of the education sector reveals an increase in backup use. In 2023, higher education was among the bottom three sectors globally for backup use, jumping to second place in 2024, alongside\u00a0state\/local government<\/em>. Unfortunately, the propensity to pay the ransom has progressively increased for both lower and higher education organizations in the last three years.<\/p>\n A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). This time, 65% of lower education and 69% of higher education organizations that had data encrypted reported using more than one method, almost three times the rates reported in 2023 (23% in lower education and 22% in higher education organizations.)<\/p>\n 99 lower education and 92 higher education respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment in lower education was $6.6M last year. For higher education, the average (median) payment was $4.4M.<\/p>\n Only 13% of education victims said their payment matched the original request. 32% of lower education and 20% of higher education respondents paid less than the original demand, while 55% of lower education and 67% of higher education organizations paid more. Globally, higher education is the sector most likely to pay more than the original demand.<\/p>\nDevices impacted in a ransomware attack<\/h2>\n
![\"The](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/07\/image2_cb5442.png\")
<\/p>\nThe propensity to pay the ransom has increased<\/h2>\n
![\"The](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/07\/image3_3b7242.png\")
<\/p>\nVictims rarely pay the initial ransom sum demanded<\/h2>\n
![\"The](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/07\/image4_dbd1c0.png\")
<\/p>\n