Education sector sees sharp drop in ransom payments, but staff stress persists -Report
This decline contrasts with the past five years, when ransomware was one of the most serious threats to the education sector, with attacks occurring almost daily.
Ransomware attacks in schools have eased, yet the strain on IT teams remains a major concern, a recent report by cybersecurity firm Sophos shows.
The State of Ransomware in Education 2025 study indicates that ransom demands targeting schools have dropped to just $697,000 (Sh90 million), the lowest across all sectors surveyed. This marks a sharp decline from previous years, when educational institutions were frequent targets of cybercriminals.
More To Read
- Ruto reserves 20 per cent of affordable housing units for teachers
- From classrooms to shelters: Gaza children face third year without education
- MPs demand probe into Sh373m stalled amphitheatre project at University of Eldoret
- Funding cuts could push six million more children out of school, warns UNICEF
- KUPPET demands release of capitation funds amid cash crunch in schools
- 1,200 arrested, Sh12 billion seized in major Interpol cybercrime crackdown across Africa
Schools are now experiencing fewer ransom payments, faster recoveries, and lower overall costs after attacks.
However, these improvements come at a high personal cost for IT staff, who report widespread stress, burnout, and disruption to their careers, with almost 40 per cent admitting to anxiety following attacks.
“Median ransom demands in education fell sharply, from $3.85 million (Sh497.4 million) to $1.02 million (Sh138.8 million) in lower education, and from $3.55 million (Sh456.67 million) to $697,000 (Sh90 million) in higher education, among the lowest demands across all industries surveyed,” the report states.
This decline contrasts with the past five years, when ransomware was one of the most serious threats to the education sector, with attacks occurring almost daily.
Alexandra Rose, director of Sophos’ counter threat unit, explained that the effects of these attacks go beyond classrooms.
“Ransomware attacks in education don’t just disrupt classrooms, they disrupt communities of students, families, and educators,” she said.
Rose emphasised that while schools are improving their response to incidents, prevention must remain the main goal.
“While it’s encouraging to see schools strengthening their ability to respond, the real priority must be preventing these attacks in the first place. That requires strong planning and close collaboration with trusted partners, especially as adversaries adopt new tactics, including AI-driven threats,” she added.
Lower education institutions that paid ransoms are now settling for less than last year. Data from 34 schools shows they paid roughly 84 per cent of the initial demand, down from 115 per cent in 2024.
The report highlights shifts in negotiations: 41 per cent of affected schools paid less than the original amount, 18 per cent paid more, and 41 per cent met the exact sum requested.
Across sectors, state and local governments paid the highest averages at $2.5 million (Sh321 million), reflecting urgent service needs and limited cyber resilience. Healthcare providers recorded the lowest average payments at $150,000 (Sh19.3 million).
Top Stories Today
