Ransomware May Have Cost US Schools Over $6bn in 2020


Scores of ransomware attacks on US schools and colleges last year may have cost them over $6bn, according to a new report published today.

Security testing site Comparitech analyzed the 77 attacks reported by educational institutions nationwide in 2020 and calculated the cost to these victims from estimated downtime and recovery time.

Rransom costs are difficult to gauge given most schools kept their payments secret. However, the research team was able to work out average downtime (seven days) and recovery time (55.4 days) from roughly half of all incidents.

It then applied a third-party 2017 estimate for the cost of downtime averaged across 20 sectors.

While the eventual figure of $6.6bn for total downtime cost in 2020 is speculative, it can be used to provide interesting comparisons with 2019 ($8.2bn) and 2018 ($623.7m).

Comparitech claimed that 2020 saw 1,740 schools and colleges and potentially 1.4m students affected, an increase of 39% and 67% respectively on 2019 figures. This is despite the actual number of attacks in 2020 coming in 20% lower than the figure for the previous year.

“This suggests hackers targeted larger school districts with bigger annual budgets, hoping to cause greater disruption and increase their ransom payment demands,” Comparitech argued.

“This trend looks as though it has continued in 2021, too, exemplified by the bizarre $40 million ransom request made to Broward County Public Schools in April.”

Ransom demands in 2020 varied dramatically from just $10,000 to over $1m, although the researchers were only able to find mention of these for nine out of the 77 attacks it analyzed.

From January 2018 to June 2021, Comparitech logged 222 separate ransomware attacks on US schools and colleges, impacting 3,880 schools and nearly three million students.

Downtime alone is estimated to have cost these victim organizations over $17.3bn, with recovery costs adding millions, if not billions, to the total, it said.

Products You May Like

Articles You May Like

Serious Security: Verification is vital – examining an OAUTH login bug
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers
Serious Security: That KeePass “master password crack”, and what we can learn from it
MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…
Nigerian Cybercrime Ring’s Phishing Tactics Exposed

Leave a Reply

Your email address will not be published. Required fields are marked *