Ransomware attacks in education remain steady amid rising threats elsewhere in 2025

Despite a global surge in ransomware activity in 2025, the education sector experienced only marginal increases, highlighting evolving attacker priorities and improved defensive strategies amidst growing third-party risks and operational pressures.

Global ransomware activity climbed sharply in 2025, yet the education sector did not see the same steep rise as other industries, according to recent analyses. While cybersecurity researchers recorded a significant year-on-year increase in incidents overall, attacks affecting schools, colleges and universities grew only marginally, suggesting a pause rather than a retreat in the threat landscape.

Comparitech’s dataset showed that many sectors experienced strong growth in extortion attempts last year, with businesses and manufacturing among the hardest hit. The research firm counted thousands of incidents globally and attributed the differing pace of attacks on education partly to shifting attacker priorities and heightened defensive measures following high-profile breaches.

At the same time, the amounts demanded by attackers fell across industries. Independent reporting and sector studies indicate that median and average ransom figures have come down materially from 2024 levels, a trend visible in both lower and higher education. Despite smaller demands, a substantial share of organisations continued to pay to recover data, underscoring the practical and reputational pressures institutions face when struck.

” If 2025’s figures have shown us anything, it’s that ransomware attacks remain a dominant threat for companies of all sizes and across all industries,” Rebecca Moody, head of data research at Comparitech, said in a statement, adding that attackers increasingly exploit third-party suppliers to magnify impact and access multiple victims through a single compromise. Her comments reflect growing concern that vendor relationships create systemic risk even where an organisation’s own defences are robust.

Independent surveys and vendor reports reinforce the human and operational toll on education IT teams. Sophos’ annual study found improved recovery outcomes and fewer ransom payments in many cases, but also rising stress and burnout among staff charged with incident response. Other industry analysis shows faster restoration timelines for many institutions compared with previous years, indicating progress in resilience even as threats persist.

Taken together, the evidence points to a twofold imperative for education leaders: maintain and strengthen core cyber hygiene, regular patching, reliable backups, authentication controls and staff training, while elevating fourth-party and supplier oversight so that partner vulnerabilities do not become campus crises. According to sector reporting, institutions that combine technical defences with rigorous vendor risk management and support for overburdened IT teams will be best placed to limit disruption going forward.

Source Reference Map

Inspired by headline at: ^[1]

Sources by paragraph:

Source: Fuse Wire Services