Mimecast: What You Need to Know About the Recent Ransomware Attacks on Schools

Across the world, ransomware attacks on schools and colleges are on the rise, with cyberattackers targeting educational establishments and authorities that are often little prepared for this type of cybersecurity breach. In many cases, highly sensitive and vital data has either been lost entirely or retrieved only after huge sums of cash have been handed over to those responsible for the attack.

Until recently, ransomware attacks commonly targeted corporations, small businesses, and individuals, but today, cybercriminals are increasingly focusing their efforts on teachers, educational administrators, and companies tasked with storing and archiving educational data. So, what has changed? Here, we explore what the education sector needs to know about ransomware attacks and why they are a growing threat.

Remote Learning 

Among the reasons for the increased number and veracity of ransomware attacks on schools is the rise of remote learning. Fueled by the COVID-19 pandemic, educational establishments were forced to move online as face-to-face classes were canceled and exams switched to virtual formats.

Suddenly, more educational data than ever before was being stored and shared. With little in the way of advanced protection, cyberattackers could more easily attack networks through the personal devices used by students and teachers.

Soft Targets 

Schools and other educational establishments are often seen as soft targets for ransomware attackers. Unlike large corporations and businesses with big cybersecurity budgets, the educational sector rarely employs experts, and IT teams are often spread thin.

The use of old software and hardware, combined with easily accessible technology for teachers and students, means that large volumes of sensitive data may be shared over unsecured networks. Often this provides an “easy win” for those with the knowledge and technology to employ ransomware attacks.

Big Budgets 

While budgets for cybersecurity may be small, total budgets for any given school year provided by educational authorities can be extremely large—sometimes running into the billions of dollars. From a ransomware attacker’s perspective, this means greater demands are more likely to be paid.

In fact, the highest total ransom demanded by cyberattackers to date sits at $40 million, and with average amounts paid by schools sitting at around $112,000, it’s clear that this particular sector can be highly lucrative.


Like other critical services such as hospitals, schools cannot afford to be offline for large periods. In addition, vital data associated with exam results or staffing is often time-sensitive, and when that data is held to ransom, educational authorities see the quickest resolution as meeting the demands of cybercriminals.

This means that ransomware attacks are more likely to be successful, and it is estimated that around 35% of educational organizations pay to recover their data rather than find other solutions.

Having identified these issues, schools and educational authorities must do more to combat ransomware attacks, particularly as remote learning grows, and technology becomes increasingly prevalent within educational settings. However, as awareness of ransomware attacks becomes common knowledge and schools become increasingly vigilant, staff and IT teams can protect their organizations through better cybersecurity practices and more robust approaches to online privacy.

Contact Information:

Name: Michael Bertini
Email: michael.bertini@iquanti.com
Job Title: Consultant

Full Name
Phone Number

  Spam Protection