Sophos advises institutions on encrypted data

Cybersecurity solutions firm, Sophos, has said that the education sector, which prior to this time was the hotbed for cyber criminals, has turned things around and strengthened measures against ever-rising Ransomware attacks.

Sophos, in its fifth yearly State of Ransomware in Education report, released yesterday, said the global study of 441 IT and cybersecurity leaders showed the education sector was making measurable progress in defending against ransomware, with fewer ransom payments, dramatically reduced costs, and faster recovery rates.

Yet, these gains, according to the firm, are accompanied by mounting pressures on IT teams, who report widespread stress, burnout, and career disruptions following attacks. Nearly 40 per cent of respondents reported dealing with anxiety.

Over the past five years, ransomware has emerged as one of the most pressing threats to education, with attacks becoming a daily occurrence. Primary and secondary institutions are seen by cybercriminals as “soft targets”, often underfunded, understaffed, and holding highly sensitive data.

The consequences are severe: disrupted learning, strained budgets, and growing fears over student and staff privacy. Without stronger defences, schools risk not only losing vital resources but also the trust of the communities they serve.

The new Sophos study demonstrated that the education sector was getting better at reacting and responding to ransomware, forcing cybercriminals to evolve their approach.

Trending data from the Sophos study revealed an increase in attacks where adversaries attempt to extort money without encrypting data. Unfortunately, it noted that paying the ransom remained part of the solution for about half of all victims.

However, according to the study, the payment values are dropping significantly, and for those who have experienced data encryption in ransomware attacks, 97 per cent were able to recover data in some way.

The study found several key indicators of success against ransomware in education to include stopping more attacks, following the money, and plummeting cost of recovery.

Outside of ransom payments, average recovery costs dropped 77 per cent in higher education and 39 per cent in lower education. Despite this success, lower education reported the highest recovery bill across all industries surveyed.

While the education sector has made progress in limiting the impact of ransomware, serious gaps remain. In the Sophos study, 64 per cent of victims reported missing or ineffective protection solutions; 66 per cent cited a lack of people (either expertise or capacity) to stop attacks; and 67 per cent admitted having security gaps. These risks highlight the critical need for schools to focus on prevention, as cybercriminals develop new techniques, including AI-powered attacks.

Director, CTU Threat Research, Sophos, Alexandra Rose, said: “Ransomware attacks on schools are among the most disruptive and brazen crimes. It’s encouraging to see schools getting better at responding and recovering, but the real opportunity is to stop attacks before they start. Prevention, backed by strong incident response planning and collaboration with trusted public and private partners, is essential as adversaries adopt new tactics, including AI-driven threats.”