Nairobi News


Ransomware attacks hitting learning institutions hard, global report shows

Schools and universities are facing an unprecedented level of ransomware attacks as incidents continue to severely impact the education sector, a global report has shown.

The report on the state of ransomware in education 2022 by Sophos, also shows an increasing number of cyberattacks targeting public, private, international schools, colleges and universities with 60 per cent suffering attacks in 2021 compared to 44 per cent in 2020.

The report suggests there is an increased threat of ransomware attacks against education and which has been attributed to lack of strong cybersecurity defences and the goldmine of personal data translating to high amounts of money paid to the criminals to restore the data.

The sharp increase in cyber-attacks happened during the Covid-19 pandemic period when more learning institutions opted for virtual classes during the lock down period. The switch to remote education led to a big rise in the use of remote desktop protocol, which can provide ransomware attackers with a route into networks.

Cyber criminals can send out phishing emails to steal usernames and passwords, which they can use to enter networks via legitimate user accounts. It’s also possible for cyber criminals to use brute-force attacks to break into accounts that use common or previously breached passwords.

“This underlines the importance of basic security controls being in place, such as protections against brute-force attacks,” the report says.

While the threat posed by ransomware and other cyberattacks to higher education is well known, some institutions are struggling, particularly when IT and information security teams are hamstrung by a lack of resources. The report says that both lower and higher education institutions pay Sh187.2 million and Sh168.3 million respectively to restore data, compared to the global average of Sh165.9 million.

“Educational institutions are also caretakers of vast amounts of personally identifiable information (PII) that can be monetised by criminals. These factors provide enough incentive for criminals to take advantage of this sector,” said Chester Wisniewski, principal research scientist at Sophos.

“Considering the encrypted data is most likely confidential student records, the impact is far greater than what most industries would experience. Even if a portion of the data is restored, there is no guarantee what data the attackers will return, and, even then, the damage is already done, further burdening the victimised schools with high recovery costs and sometimes even bankruptcy.”