Ransomware attacks on the education sector have more than doubled in the last 12 months, according to new threat spotlight research by Barracuda Networks.
It seems that cyber-criminals are looking to exploit the disruption caused by the COVID-19 pandemic, since recorded attacks on education providers have soared from 6% in 2019 to 15% this year. Healthcare industries have also seen a surge in attacks, rising from 21% of all global attacks last year to 23% in 2020.
The logistics market is also at risk, with six notable ransomware attacks being observed in the last 13 months. Such breaches can have serious societal consequences, impeding the ability to transport goods such as medical equipment and PPE, as well as everyday products.
Furthermore, local governments are the most likely targets for ransomware attacks. The recent study evaluated 71 global ransomware breaches in just over nine years, uncovering that 44% of all observed ransomware attacks this year alone have been aimed at municipalities.
Fifteen percent of these local governments are confirmed to have offered ransomware payments; a considerable rise from 2019 when almost no local governments made ransom payments. In one high-profile incident, a ransomware attack on Redcar and Cleveland council’s computer system reportedly cost the local authority £10.4m.
Of all analysed cases, 14% were confirmed to have paid the ransom, with the average payment amounting to around £1,260,000.
Fleming Shi, CTO of Barracuda Networks, commented: “The quantity of ransomware attacks facing all types of organisations have been growing rapidly in recent years, having been spurred on by complicated geopolitical circumstances, more recently the coronavirus pandemic, and the fact that ransom payments from corporations and municipalities are becoming more common.
“Combatting the issue requires blocking the threat from the source, using advanced inbound and outbound security techniques that go beyond the traditional gateway. This includes using machine learning-enabled software to close the technical and human error gaps often found in an organisation,” he added.
“Other techniques such as subscribing to IP blacklists, using firewalls and malware detection, implementing user-awareness training, and utilising data backup solutions, are all very effective and strongly advised.”