Malwarebytes released a new report focused on the alarming uptick in ransomware attacks targeting the education sector. The 2023 State of Ransomware in Education shares fresh data and analysis about the threat actors targeting the nation’s schools.
In the last year, there were 190 known ransomware attacks against educational institutions, with many more that went unreported. More distressing, the second half of the last 12 months saw an 84% uptick in attacks, with education becoming the most attacked industry overall in the USA over the last 12 months.
The startling escalation of ransomware attacks paired with the struggle of schools to budget for and find cybersecurity talent tells a dire tale. Data from the 2022 CoSN Ed Tech Leadership Survey demonstrates that the availability of specialist cybersecurity positions continues to be low, only “a fifth (21%) of districts have a full-time equivalent employee dedicated to network security, the same percentage as the prior year.” An additional 33% of districts include cybersecurity responsibilities as part of another position in lieu of a full-time assigned staff member.
“Our schools and educational institutions are under attack from cybercriminals looking to take advantage of dispersed endpoints and often limited IT staff and cybersecurity budgets,” said Robert Elworthy, Senior Solutions Engineer for Education, Malwarebytes. “The cybersecurity industry must step up to help schools and students by providing effective, easy-to-use solutions that can secure devices and data from today’s sophisticated and targeted threats.”
Education: A Vice Society Target
The Vice Society ransomware gang is known to focus on education organizations, targeting almost half of its activity (43%) against the sector.
“Like all ‘big game’ ransomware attacks, a Vice Society attack is not directed at an individual computer but instead uses encryption and data theft to compromise an entire organization,” said Mark Stockley, Cybersecurity Evangelist, Malwarebytes. “Attackers may work for several days, or even weeks, inside a victims’ network before running their ransomware. Because Vice Society may be active on a network for days before running a ransomware locker, it is not enough to simply stop the locker. By the time it’s run, its operators will already have stolen data, taken steps to cover their tracks and will likely have sufficient access to a network to retry their attack.”
Organizations need to ensure that a security analyst is able to review the path of the attack, close the open access point or vulnerability and eject their tools, account access and backdoors. Malwarebytes offers a managed 24/7/365 service, Malwarebytes MDR, to assist organizations that lack the resources for a fully staffed Security Operations Center (SOC).