Education is Now the Top Sector for Ransomware Attacks

December 15, 2022

Cyberattacks constantly threaten organizations in every industry and the education sector is no exception. In fact, cyberattacks are gaining steam year after year as instances of breaches in schools and higher education facilities are widely reported around the globe. Compared to 2021, the education sector has experienced a 44% increase in cyberattacks this year, with an average of 2297 attacks against education sector organizations weekly. That pressure, especially from ransomware groups, has resulted in a storm of unpleasant outcomes for schools, parents and students. 


Get the guide that helps you detect dangerous BEC attacks & keep your company out of trouble. DOWNLOAD>>


Schools top the list of ransomware targets in Q3 2022


Educational institutions of every type were high on cybercriminal hit lists starting in 2020, and throughout 2021 and 2022, cybercriminals haven’t let up on the education sector.  If anything, cyberattack and data security pressures are getting worse for schools at every level. In fact, a recent Cisco report says that bad actors targeted educational institutions around the world the most in the third quarter of 2022, beating out other targets that are usually at the top of the list like telecommunications and the financial services sector.

Unfortunately, a combination of factors put educational institutions in the firing line. Most educational institutions struggle with a lack of resources and staff, and a cyberattack is the last thing they need. The damage of a cyberattack can be extremely detrimental to them due to disruptions to operations and financial losses. A cyberattack can also be the catalyst that forces a struggling school to close. Predominantly Black Institution (PBI) Lincoln College in Illinois shuttered in May 2022 following a ransomware attack in December 2021. Already suffering from declining enrollment, the cyberattack hit its systems for admissions, recruitment and retention, which played a crucial role in shutting down the 157-year-old college.


phishing in silver on a pink background on top of a skull and crossbones

Is your email security solution really getting the job done? This checklist helps you find out! GET CHECKLIST>>


Why are cybercriminals targeting educational institutions?


Akin to cybercrimes in other sectors, the primary reasons for attacking the education industry are financial gains and data thefts. Here are some of the reasons for cyberattacks on schools.

Increase in online learning: The onset of COVID-19 marked a significant shift in the education industry. Due to social distancing requirements, most educational institutes shifted to an online learning environment. While it helped schools run their operations, many schools needed more time to be ready for this abrupt change, which left several vulnerabilities in their systems. The K–12 Cybersecurity Center reported a record-breaking 408 incidents across 377 school districts in 40 states. 

Financial gain: Financial gains are the primary motive for almost every kind of cyberattack. In the case of a ransomware attack, it’s often less expensive from the school’s point of view to just pay the extortionists than undertake a long recovery process. Also, perenially cash-strapped education systems are unlikely to have the budget to ensure that they have up-to-date, comprehensive security and regular security awareness training, making them ripe for the picking for bad actors launching business email compromise (BEC) schemes.

Data theft: Institutions hold various student and staff data, including names, addresses, credit card numbers, social security numbers and other sensitive details. This information can be valuable to cybercriminals for many reasons, whether they plan to sell the information to the dark web or use it as a bargaining chip to extort money. Since 2005, K–12 school districts and colleges across the U.S. have experienced over 1,850 data breaches, affecting more than 28.6 million records.

Espionage: Several colleges and universities are centers for scientific, engineering and medical research and hold valuable intellectual property. Nation-state threat actors always look for ways to cripple their rival nations. And they are always looking for system vulnerabilities in institutes that keep valuable research data. During the hottest part of the global COVID-19 pandemic, before inoculations were available, nation-state threat actors were actively on the hunt for pandemic research and development data from drug companies developing treatments


See the state of email security in 2022 and the threats that should be on your radar in 2023. GET EBOOK>>


How do hackers attack education sector targets?


There are a variety of techniques that cybercriminals use against schools, but these are the most common.

Phishing: This is the most likely way for bad actors to launch cyberattacks on educational institutions. Scammers send emails, often posing as trusted entities or known brands, to trick their targets into divulging their credentials or downloading a malicious attachment, which compromises the school’s entire network.  Recently, the Floyd County school system in Georgia lost nearly $200k when they fell prey to a phishing attack. 

BEC: This is one of the most expensive and damaging cyberattack threats that schools face, and it can be especially devastating to budget-crunched public school systems. Like other businesses, schools and school systems deal with an array of vendors for professional services. Lax security and lack of training can lead to employees falling victim to BEC. The Manor Independent School District in Texas fell victim to a vendor fraud BEC scheme that resulted in a loss of a painful $2.3 million.

Ransomware: This is the biggest bugbear for schools in terms of immediate disruption. Bad actors know that schools cannot afford downtime that disrupts classes, especially if that school is supporting distance learning, making them more likely to fork over ransom money.  A ransomware attack in January 2022 forced the Albuquerque, New Mexico, public school system to close for two days. Ransomware is also a great way for bad actors to get their hands on valuable and sensitive information, like student personally identifiable information (PII). That’s what happened as a result of a ransomware attack on the Clark County school system in Nevada. 

Distributed Denial of Service (DDoS) Attack: DDoS attacks are one of the most common attacks on educational institutions. More often, the threat actors’ motive is to cause widespread disruption to the institute’s network, negatively affecting productivity. Even amateur cybercriminals can carry out DDoS attacks on educational venues as their network is often poorly protected. Many instances of DDoS attacks by disgruntled students and teachers have been reported in recent times. One particular example is a computer science student, Adam Mudd, who breached his college security system, leading to a network crash.


Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>


Graphus does not fall for phishing lures


Graphus is the world’s first AI-driven email security solution that automatically protects organizations from email-based ransomware attacks. The patented AI technology of Graphus creates a wall between organizations and cyberattacks, mitigating phishing attacks before it reaches their systems. It automatically monitors communication patterns between people, devices, and networks to reveal untrustworthy emails, making it a simple, powerful, and cost-effective automated phishing defense solution for companies of all sizes.

  • Graphus blocks 99.9% of sophisticated phishing messages before they reach an employee inbox.  
  • Puts 3 layers of protection between employees and dangerous email messages. 
  • Seamlessly deploys to Microsoft 365 and Google Workspace via API without big downloads or lengthy installs. 
  • Provides intuitive reporting to help you gain insights into the effectiveness of your security, level of risks, attack types, and more 

If you wish to know more about the Graphus platform, Book a demo here.  


Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus