top of page

Malwarebytes Research: Education Sector Hit by Record High Ransomware Attacks in 2023

The education sector experienced its worst year on record for ransomware attacks in 2023, with a 70% surge from the previous year, according to the latest ThreatDown research by Malwarebytes. This alarming increase, which saw attacks rise from 129 incidents in 2022 to 265 in 2023, indicates a growing threat to educational institutions.

Significant Uptick in Monthly Attacks

The frequency of attacks has also risen sharply, with the median number of monthly attacks jumping from 11 in 2022 to 21 in 2023. This marks an 91% increase in monthly ransomware attacks, underscoring the escalating threat to the education sector.

Dominant Ransomware Gangs and Geographic Targets

The research identified LockBit and Rhysida (formerly known as Vice Society) as the major perpetrators, responsible for approximately 50% of the attacks in 2023. While the US faced 80% of these attacks, the UK was also significantly targeted, accounting for 12% of the known attacks.

Breakdown of Attacks by Ransomware Gangs

The five top ransomware gangs targeting the education sector in 2023 were LockBit, Vice Society/Rhysida, CL0P, Medusa, and Akira, collectively responsible for about 81% of all attacks. Interestingly, while some gangs like CL0P and Royal targeted educational institutions significantly, their attacks were mostly concentrated in one or two months.

US and UK – Prime Targets

The US, with 169 reported attacks, was the most heavily targeted country, followed by the UK. This geographic distribution highlights the significant risk that these two nations' educational institutions face from ransomware attacks.

K-12 and Higher Education Impact

In 2023, the ransomware attacks were almost evenly split between K-12 and higher education institutions. K-12 schools saw a 92% increase in attacks, while higher education institutions experienced a 70% rise. Notable incidents included a disruptive attack on Western Michigan University and a significant data leak at the Minneapolis School District, highlighting the severe impact of these attacks.

The Challenge Ahead

Educational institutions, often operating with tight budgets, outdated equipment, and limited staff, are becoming increasingly vulnerable to ransomware gangs. The need for effective and affordable cybersecurity solutions has never been more critical.

To combat these threats, the ThreatDown K-12 Bundle offers AI-driven endpoint security, constant monitoring, comprehensive device management, and advanced mobile defense, tailored to fit educational budgets. This comprehensive approach is essential to shield schools from sophisticated attackers like LockBit and Rhysida.

The report concludes that the education sector's cybersecurity posture must be strengthened to counter the growing threat of ransomware attacks, which have shown no signs of slowing down.


bottom of page