Ransomware attacks on education continue to rise, report shows

A report published Tuesday by the cybersecurity firm Zscaler shows that ransomware threats are growing fastest in the health care and education sectors.

The San Jose, California, firm’s report shows that ransomware attacks in the United States increased 18% overall between 2023 and 2024. Researchers found that educational institutions — a group that includes K-12 districts and higher education — faced 217 ransomware attacks over the year studied, a 35% increase over the previous year.

Researchers also uncovered a shift in cybercriminals’ tactics: The number of ransomware victims whose data was listed on leak sites grew by nearly 58%. The report also notes a rise in the prevalence of voice phishing, or vishing attacks, along with the availability of ransomware-as-a-service, a canned product that enables would-be cybercriminals with minimal technical skills to carry out attacks.

“Ransomware defense remains a top priority for CISOs in 2024,” Deepen Desai, Zscaler’s chief security officer said in a press release. “The increasing use of Ransomware-as-a-Service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks, and the emergence of AI-powered attacks, has led to record breaking ransom payments.”

The report shows that the United States also sustains a plurality of ransomware attacks worldwide, accounting for 50% of those counted by the firm. The next nearest country, the United Kingdom, accounted for 6% of ransomware attacks globally.

Zscaler offered several tips to stop ransomware, including minimizing networks’ attack surfaces and preventing lateral movement on networks through zero-trust architecture.