{"id":23783,"date":"2024-01-24T14:10:10","date_gmt":"2024-01-24T22:10:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/01\/24\/news-17513\/"},"modified":"2024-01-24T14:10:10","modified_gmt":"2024-01-24T22:10:10","slug":"news-17513","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/01\/24\/news-17513\/","title":{"rendered":"2024 State of Ransomware in Education: 92% spike in K-12 attacks"},"content":{"rendered":"\n

This article is based on research by Marcelo Rivero, Malwarebytes\u2019 ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, \u201cknown attacks\u201d are those where the victim did not<\/strong> pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.<\/em><\/p>\n

2023 was the worst ransomware year on record for Education: according to original ThreatDown research, the sector witnessed a staggering 70% surge<\/strong> in attacks in the past year, increasing from 129 incidents in 2022 to 265 in 2023.<\/p>\n

\n
Protect your school with the ThreatDown K-12 Bundle<\/strong><\/a><\/div>\n<\/p><\/div>\n
\"\"<\/figure>\n

The spike is further underscored by the increase in median monthly attacks. In 2022 there was an average of 11 attacks per month, but by 2023, this number leapt to 21\u2014marking an 91% uptick<\/strong> in monthly attacks. <\/p>\n

\"\"<\/figure>\n

Although the attacks were carried out by several ransomware gangs, two in particular were responsible for the lion\u2019s share of 2023 attacks (50%)\u2014LockBit and Rhysida<\/strong> (a rebrand of Vice Society). The data also shows that, while ransomware attacks against education are a global phenomenon, the US<\/strong> (with 80% of known attacks) and the UK<\/strong> (with 12%) were hit the most frequently attacked countries between January 2023 and December 2023.<\/p>\n

Let\u2019s break down attacks on the education sector by the ransomware gangs involved, the countries of target, and which gangs attacked which countries the most.<\/p>\n

The Threat Landscape<\/h2>\n

The top gangs that targeted the education sector between January 2023 and December 2023 include LockBit (60), Vice Society\/Rhysida (44)<\/strong>, CL0P (22), Medusa (17), and Akira (15). Together, these 5 gangs were responsible for about 81% of all Education ransomware attacks.<\/p>\n

\"\"<\/figure>\n

When we look at which gangs attack educational institutions most consistently<\/strong> (with attacks in at least six different months), however, the data tells a slightly different story. While top gangs such as CL0P and Royal may have targeted a significant amount of educational institutions, they tend to attack a majority of their victims in just one or two months.<\/p>\n

Again, LockBit and Vice Society\/Rhysida emerge as the most consistently prolific attackers against the Education sector. Notice too that Vice Society hasn\u2019t been active since June 2023\u2014the same month we witnessed the rise of Rhysida.<\/p>\n

\"\"<\/figure>\n

Geographic Distribution<\/h2>\n

When we break down education sector attacks by country, it becomes clear that the US and the UK have a huge target on their back. The US, however, bore the brunt of the onslaught, with 169<\/strong> reported attacks.<\/p>\n

\"\"<\/figure>\n

K-12 vs Higher Ed <\/h2>\n

In 2023, 43% <\/strong>of all ransomware in education attacks in 2023 targeted Higher Ed and 36% of attacks targeted K-12<\/strong>. <\/p>\n

Some of the most high profile attacks on Higher Ed and K-12 in 2023 include an attack against Western Michigan University<\/a>, which caused a 13-day service disruption, and against the Minneapolis School District<\/a>, which resulted in over 300,000 files leaked and a $1 million ransom.<\/p>\n

\"\"<\/figure>\n