Rise of Ransomware Attacks on Educational Institutions

Date: 13 February 2023

Featured Image

No industry or sector is safe from cyber attacks — including the education sector. Unfortunately, more and more educational institutions and school districts are falling victim to a specific type of cyber attack — ransomware

The Cybersecurity and Infrastructure Security Agency defines this ransomware as “a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”

As one of the top cybersecurity threats, ransomware causes damage not only to a school’s reputation, but also their bottom line. A ransomware attack costs an average of $112,000 in ransom payments and another staggering $2.7 million for the total cost of the attack, according to Forbes. Plus, the time to recover from ransomware infection can often take days, weeks — or even months.

Recent Ransomware Attacks in Education

Modern ransomware attackers are taking aim at not only colleges and universities, but also K-12 schools and educational programs.  

In November 2022, schools in Jackson County and Hillsdale County in Michigan were closed for several days following a ransomware attack. In December 2022, the school system in Little Rock, Ark. allegedly decided to pay the ransom of $250,000 to hackers to end the attack on the district.

A map of ransomware attacks on higher educational institutions in the United States from 2018 to mid-May 2022 from Comparitech shows “954 separate schools and colleges were potentially affected” with the overall estimated cost of attacks around $3.56 billion. f.hubspotusercontent40.nethubfs1602894Ransomware Attack (1)

A ransomware attack even contributed to the closure of Lincoln College in 2021, which had been in operation since 1865. Other institutions that were targets of major ransomware attacks in 2022 include the North Carolina AT&T State University, Ohlone Community College and Midland University.

Reasons for Rise in Ransomware Attacks on the Education Sector

The transition to remote and hybrid learning due to COVID-19 contributed to an overall increase of cyber threats. While incidents of ransomware affect businesses and organisations of all kinds, more and more school districts and higher education institutions are being targeted. This is particularly worrying as students and young adults at the cusp of their careers get affected. Further, the sensitive data at risk is that of children, students and teachers, an already highly vulnerable group. 

According to a report from Verizon, one of the major reasons is that school districts lack “the sophisticated defenses and resources” compared to financial institutions or larger businesses. “Schools often have older IT systems that are more susceptible to intrusion. They have limited time for training, leaving employees more vulnerable to phishing emails. And they have hundreds of children using computers.”

Plus, schools and educational institutions house all types of important personal data, like names, contact information, social security numbers, and financial records.

The report goes on to explain: “When they are attacked, schools usually have limited options for data recovery, leaving them more likely to succumb to a ransom demand. And they have a pressing need to remain open, as well as political pressure to respond quickly to fix the problem.”

New call-to-action

How Schools & Institutions Can Protect Themselves

On the national level in the U.S., the Department of Education coordinates cybersecurity efforts and related guidance for K-12 schools with federal agencies such as the Department of Homeland Security and the Federal Bureau of Investigation. But much of the training and education falls to the state or local school district.

Some of the basic hygiene steps that educational institutions can take to avoid ransomware attacks include:  

  •     Limit Internet-facing services
  •     Ensure protection of privileged access 
  •     Provide high-quality cybersecurity training for both employees and students
  •     Keep software and Internet-based devices up to date
  •     Implement multi-factor authentication

147872314_m (1)

 You might also want to use FREE resources such as the below to be prepared against ransomware attacks and control the damage if/when you do get hit: 

  1. Ransomware Readiness Checklist
  2. Ransomware Response Workflow 
  3. Ransomware Response Checklist

Some colleges and universities, and even larger school districts, are hiring cybersecurity specialists who can help them bolster their cybersecurity maturity and help prevent these types of attacks. For example, a recent search on LinkedIn revealed more than 2,000 cybersecurity-related job postings in higher education.

If there isn’t a budget for a full-time cybersecurity expert, schools often opt for remote and flexible arrangements like those offered by Cyber Management Alliance’s Virtual Cyber Assistant service

Here are some additional recommendations to schools, colleges and universities:

  • Make an effort to prioritise and allocate funds for cybersecurity education and prevention (personnel, training, etc.)

  • Purchase Cybersecurity Insurance

  • Back up important data

  • Install anti-virus or anti-malware software

  • Implement virtual private networks

  • Keep all applications and operating systems up to date

  • Embrace the mentality of “be proactive, not reactive”

  • Create a Student Records Retention Policy 

New call-to-action



Cyber attacks are on the rise in education, and the effects can be significant and detrimental. The good news is that more and more colleges, universities and school districts are recognizing the value in cybersecurity education and training.

Implementing best practices, prioritising cybersecurity training and awareness — and if the budget allows, hiring the appropriate personnel — are simple but important steps that will help keep education data and personal information safe and secure.

New call-to-action

About the Author: Michelle Moore

Michelle Moore, Ph.D., is an academic director and professor of practice for the University of San Diego’s innovative online Master of Science in Cyber Security Operations and Leadership program. She is also a researcher and author with over two decades of private-sector and government experience as a cybersecurity expert. 

Get Email Updates on our Latest News

Simply enter you details in the form below to subscribe:

  • Or call us on:
  • +44 (0) 203 189 1422