Half of universities pay ransoms in hacking attacks

Payments to attackers do not shorten recovery times for compromised institutions, survey reveals

July 26, 2023

Twitter: @TWilliamsTHE

Source: iStock

More than half of higher education organisations that were the victims of ransomware attacks in the past year paid hackers to get their data back, according to a new report.

Cybersecurity firm Sophos polled 200 IT leaders based in institutions in 14 different countries. Of these, 79 per cent said they had been hit by ransomware – a steep increase from the 64 per cent who reported attacks in the 2022 survey, confirming fears that such incidents are becoming more prevalent.

The rate of attacks on education providers was higher than that of all the other sectors Sophos surveyed. The sector also reported one of the highest rates of ransom payment, although most say publicly they will never pay.

Among the HE respondents, 56 per cent said they had paid a ransom, but the report also found that those who did pay up said they had spent more on recovering from the attack and it had also taken longer.

Recovery costs when ransoms were paid, excluding the cost of the ransom itself, were $1.31 million (£1 million), versus $980,000 when data was recovered solely using backups. Seventy-nine per cent of those who used backups recovered within a month while only 63 per cent of those who paid the ransom recovered in the same time frame.

Looking at the root causes of the attacks, at 40 per cent “exploited vulnerabilities” was found to be the most common, followed by compromised credentials (37 per cent) and malicious email (19 per cent).

Chester Wisniewski, the field chief technical officer for research at Sophos, said education providers were often targeted because they were seen as “very highly visible targets with immediate widespread impact in their communities”.

A feeling of needing to “do something” and keep the doors open meant leaders feel “pressure to solve the problem as quickly as possible without regard for cost”, he said.

“Unfortunately, the data doesn’t support that paying ransoms resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals,” Mr Wisniewski added.

tom.williams@timeshighereducation.com

Read more about

Read more about:

Technology and new media

Register to continue

Why register?

Registration is free and only takes a moment
Once registered, you can read 3 articles a month
Sign up for our newsletter

Subscribe

Or subscribe for unlimited access to:

Unlimited access to news, views, insights & reviews
Digital editions
Digital access to THE’s university and college rankings analysis

Please or to read this article.

Related articles

Cyberattacks target UK universities ‘weekly’, survey reveals

Higher education institutions more likely to be targeted than other educational bodies

By Patrick Jack

19 April

A padlock with a hole in it

Our cybercrime story had a happy ending, but yours may not. Be vigilant

The theft of more than $800,000 by hackers prompted uncomfortable conversations about preparedness – or lack of it, says John Cox

6 April

Cyber attack

Phishing attack ‘highlights flaws in Chinese universities’ cybersecurity’

Separate breaches in one week trigger concerns over lack of awareness in the sector

16 July

Hacker fingers, illustrating essay mills’ infiltration techniques

University ‘will never pay ransoms’ despite darknet data leak

Duisburg-Essen has had to rebuild entire IT infrastructure and postpone admissions deadlines, although teaching and exams are able to continue

23 January

Sponsored