2024 State Of Ransomware In Education 92 Spike In K 12 Attacks

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

2023 was the worst ransomware year on record for Education: according to original ThreatDown research, the sector witnessed a staggering 70% surge in attacks in the past year, increasing from 129 incidents in 2022 to 265 in 2023.

6fafdfaf1fb94351e3f99d03b9ea802f6b34fe13c4f27e907181502b8420dfb4

The spike is further underscored by the increase in median monthly attacks. In 2022 there was an average of 11 attacks per month, but by 2023, this number leapt to 21—marking an 91% uptick in monthly attacks.

7eb82a96b4fe5992a309d9daae4827156dded473bf8396aaabe2598cb972c7a0

Although the attacks were carried out by several ransomware gangs, two in particular were responsible for the lion’s share of 2023 attacks (50%)—LockBit and Rhysida (a rebrand of Vice Society). The data also shows that, while ransomware attacks against education are a global phenomenon, the US (with 80% of known attacks) and the UK (with 12%) were hit the most frequently attacked countries between January 2023 and December 2023.

Let’s break down attacks on the education sector by the ransomware gangs involved, the countries of target, and which gangs attacked which countries the most.

The Threat Landscape

The top gangs that targeted the education sector between January 2023 and December 2023 include LockBit (60), Vice Society/Rhysida (44), CL0P (22), Medusa (17), and Akira (15). Together, these 5 gangs were responsible for about 81% of all Education ransomware attacks.

0d7fbc42d33ffefa6c9810fd397ef222d8a097675d5b8e0da66e35c67e89a20c

When we look at which gangs attack educational institutions most consistently (with attacks in at least six different months), however, the data tells a slightly different story. While top gangs such as CL0P and Royal may have targeted a significant amount of educational institutions, they tend to attack a majority of their victims in just one or two months.

Again, LockBit and Vice Society/Rhysida emerge as the most consistently prolific attackers against the Education sector. Notice too that Vice Society hasn’t been active since June 2023—the same month we witnessed the rise of Rhysida.

98b8dac3a20be0ce4469bc080105f09e773badd1834e22246ee8bdf29f3f1cb7

Geographic Distribution

When we break down education sector attacks by country, it becomes clear that the US and the UK have a huge target on their back. The US, however, bore the brunt of the onslaught, with 169 reported attacks.

8f14a8c1d5d85f88ec50239c29fed3d18d4340eadb096bd64c987ebd94c4490d

K-12 vs Higher Ed

In 2023, 43% of all ransomware in education attacks in 2023 targeted Higher Ed and 36% of attacks targeted K-12.

Some of the most high profile attacks on Higher Ed and K-12 in 2023 include an attack against Western Michigan University, which caused a 13-day service disruption, and against the Minneapolis School District, which resulted in over 300,000 files leaked and a $1 million ransom.

5e48bd62eb9e1d2065c059a224b988becccb4fe4794e2bce02ad1de4f1b8c259

Ransomware attacks on K-12 increased 92% between 2022 and 2023, with 51 attacks in 2022 and 98 total attacks in 2023.

107f668ee88bedc78141a187b8b21e7b7777bdb3fc9578e7180869b126034ea3

Ransomware attacks on Higher Ed increased 70% between 2022 and 2023, with 68 attacks in 2022 and 116 total attacks in 2023.

bb555d5c688b7138c5239a9e8086f7e6458303d66e0ee805c861d2ad49675a58

Looking Ahead

The reality is that tight budgets of many educational institutions force them to struggle with outdated equipment and limited staff, making education an easy target for ransomware gangs. To recap, our key findings include:

  • 2023 witnessed a worrying 70% rise in ransomware attacks on the education sector, increasing from 129 incidents in 2022 to 265.
  • The median number of monthly attacks surged by 91%, indicating a heightened and consistent threat throughout the year.
  • LockBit and Rhysida emerged as the primary attackers, responsible for about 50% of all attacks.
  • The US and the UK bore the brunt of ransomware in education attacks, with over 90% of all attacks being against these two countries.
  • Both K-12 and higher education institutions faced significant increases in attacks, with a 92% rise in attacks on K-12 and 70% in higher education, showing widespread vulnerability across all levels of the educational sector, but especially K-12.

Ready to shield your school against threats like LockBit and Rhysida?

The ThreatDown K-12 Bundle integrates AI-driven endpoint security, constant expert monitoring, comprehensive device management, and advanced mobile defense—all at a price that makes sense.


Original Source

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.