Sophos finds that education is paying more than original demands

Security Published 8th October 2024

Sophos has revealed that the median ransom payment made by educational organisations to ransomware perpetrators was $6.6 million for lower education (LE) and $4.4 million for higher education. In addition, the firm states that 55% of LE respondents and 67% of higher education organisations paid more than the initial demand.


► 95% of victims also had backups targeted

► Exploited vulnerabilities are leading root cause of attacks


The findings comes from the company’s annual The State of Ransomware in Education 2024 report. Sophos said that ransomware attacks are causing more of a strain as only 30% of victims surveyed in both LE and HE were able to fully recover in a week or less, down from last year’s 33% (LE) and 40% (HE). This is likely due to limited teams and resources.

Sophos finds that education is paying more than original demands

It also believes that ransomware attackers have upped the ante when it comes to getting paid. Compromising their victims’ backups is now a mainstream element of ransomware attacks, giving adversaries the opportunity to subsequently increase the ransom demand when it becomes clear that the data cannot be recovered without the decryption key.

Sophos said that 95% of respondents reported cybercriminals attempting to compromise their backups, with 71% being successful. This increases recovery costs, with the total bill coming in five times higher in lower education and four times higher in higher education.

Despite difficult dealings with ransomware, the overall attack rate dropped over the last year with 63% of LE and 66% of HE organisations being hit by ransomware attacks – down from 80% and 79%, respectively.

Exploited vulnerabilities were the leading root cause of attacks in education, providing cybercriminals with a way into the network for 44% of LE and 42% of HE ransomware attacks.

TD SYNNEX is a fully authorised Sophos distributor and our security practice can help you with every aspect of ransomware prevention and remediation. For more information, please contact the team by clicking the link below.

Contact The Team