The number of successful ransomware attacks on the education sector increased 388% in the third quarter of 2020.
According to Emsisoft, the education sector reported 31 ransomware incidents in Q3 2020. That's a 388% increase over the 8 incidents that occurred in the previous quarter.
Nine of the 31 ransomware attacks disclosed in the third quarter of the year involved data exfiltration, a tactic which has become common with ransomware gangs over the past year.
This isn't the first time that security researchers documented an increase in ransomware attacks between the second and third quarters of the same year.
Looking back to 2019, for instance, Emsisoft found that the number of crypto-malware infections had grown from five in Q2 2019 to 51 a quarter later. That's a growth rate of 1,020%.
In analyzing these findings, Emsisoft reasoned that threat actors had likely spent weeks if not months within their victim's network waiting for the "right moment" in order to maximize the impact of their attacks.
As the security firm explained in its research:
In the education sector, the “right moment” is the start of the school year. Waiting for students to return to school in Q3 before deploying ransomware enables threat actors to inflict maximum chaos and apply greater pressure to districts, which may be more inclined to pay the ransom to quickly restore system access and minimize disruption. This strategy may have been particularly effective this year, with so many districts relying heavily on computer systems to facilitate distance learning in the wake of the pandemic.
These findings highlight the need for organizations in the education sector to share threat intelligence with one another so that they can stay on top of the latest ransomware threats targeting their industry.
They might also consider taking steps to prevent a crypto-malware infection from occurring in the first place. This resource is a good place to start.
