Ransomware Attacks on Education Sector Slowed in 2025, But U.S. Remains Top Target

Comparitech Report: Ransomware Attacks on Education Sector See Slower Growth in 2025

INFORMATIONAL
February 7, 2026
Ransomware, Threat Intelligence, Data Breach

Impact Scope

People Affected

3.96 million individual records breached

Industries Affected

Education

Geographic Impact

United States (global)

Related Entities

Organizations

Other

Medusa, Fall River Public Schools, Franklin Pierce Schools, Uvalde CISD

Full Report

Executive Summary

A new report from Comparitech reveals that while the education sector remains a significant target for ransomware, the rate of increase in attacks slowed during 2025. The study identified 251 ransomware attacks against schools, colleges, and universities worldwide, a modest 2% rise from 2024. These attacks led to the confirmed breach of nearly 4 million individual records. The United States remained the most targeted nation, suffering 130 attacks, although this represented a 9% decline for the U.S. compared to the prior year. The report underscores the persistent threat, with gangs like Medusa demanding substantial ransoms and attacks causing significant operational disruptions, including school closures.

Threat Overview

  • Attack Type: Ransomware
  • Target Sector: Education (K-12 schools, colleges, universities)
  • Global Trend (2025): 251 attacks, a 2% year-over-year increase.
  • Data Impact: At least 3.96 million records breached in 94 publicly confirmed incidents.
  • Most Targeted Country: United States (130 attacks).
  • U.S. Trend: 9% decrease in attacks compared to 2024.
  • Notable Threat Actor: Medusa ransomware gang.

Despite the slowing growth rate, the absolute number of attacks remains high, indicating that under-resourced educational institutions are still viewed as attractive targets by cybercriminals.

Impact Assessment

The impact of ransomware on the education sector is particularly damaging:

  • Operational Disruption: Attacks frequently disrupt core systems for managing students, phones, and building access, leading to school closures and cancellation of classes. The attack on Uvalde CISD in Texas, for example, forced schools to close.
  • Financial Strain: Educational institutions, often operating on tight budgets, face crippling financial demands. The Medusa gang demanded $400,000 from both Fall River Public Schools and Franklin Pierce Schools. Even if the ransom is not paid, recovery costs can be substantial.
  • Data Breach of Minors: The theft of student data is especially sensitive, exposing minors to potential identity theft and privacy violations. The 3.96 million breached records represent a significant loss of personal information.
  • Loss of Learning: Downtime and school closures directly result in lost instructional time for students, impacting educational outcomes.

Case Studies

  • Fall River Public Schools (Massachusetts) & Franklin Pierce Schools (Washington): Both districts were targeted by the Medusa ransomware gang, which claimed to have stolen data and demanded a $400,000 ransom from each.
  • Uvalde CISD (Texas): An attack disrupted phone, camera, and visitor management systems, forcing the district to close schools. The district confirmed it did not pay the ransom and was able to restore systems from backups, highlighting the value of a resilient recovery plan.

Mitigation Recommendations for the Education Sector

Educational institutions must prioritize cybersecurity despite budget constraints.

  1. Invest in Backups: As demonstrated by Uvalde CISD, a robust, tested, and offline backup system is the most critical defense. It is the only guaranteed way to recover from an attack without paying a ransom.
  2. Conduct Security Assessments: Regularly perform risk assessments to identify and prioritize vulnerabilities in the network, especially on internet-facing systems.
  3. Implement MFA: Enforce multi-factor authentication on all staff and student accounts, particularly for email and remote access, to protect against credential compromise.
  4. Network Segmentation: Segment the network to separate critical administrative systems from the broader student and guest networks. This can contain a ransomware infection and prevent it from spreading to essential servers.
  5. Cybersecurity Training: Provide regular training for all staff on how to recognize and report phishing emails, which are a primary entry point for ransomware.
  6. Develop an Incident Response Plan: Have a clear, actionable plan for what to do in the event of a ransomware attack. This plan should be practiced through tabletop exercises.

Timeline of Events

February 7, 2026: This article was published

MITRE ATT&CK Mitigations

The single most effective mitigation against the impact of ransomware is maintaining tested, offline backups.

Training staff to identify phishing can prevent the initial access that leads to many ransomware attacks.

Enforcing MFA makes it harder for attackers to use stolen credentials to access networks via remote services.

Proper segmentation can contain a ransomware infection, protecting critical systems and backups from being encrypted.

D3FEND Defensive Countermeasures

For the education sector, which is often resource-constrained, investing in a robust and automated remote backup solution is the most critical defense against ransomware. As the Uvalde CISD case shows, the ability to restore from backups is the deciding factor between a manageable incident and a catastrophe. Schools and universities must ensure they have recent, immutable backups stored in a separate location, preferably in the cloud or a physically isolated site. These backups must be tested regularly to confirm data integrity and the viability of the restoration process. This strategy directly counters the primary impact of ransomware, making the ransom demand irrelevant and allowing the institution to focus on recovery and remediation.
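A restore test along the lines described above, as an added example that is not part of the original article: it records SHA-256 hashes at backup time, then checks a test restore for missing, altered or unexpected files and for a backup older than an assumed 24-hour limit. The function names, the `MAX_AGE_HOURS` value and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_AGE_HOURS = 24  # assumed recovery point objective; set per institution

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 at backup time; keep it off the backed-up host."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored: Path, taken_at: float, now: float) -> dict:
    """Compare a test restore against the manifest and check backup recency."""
    found = build_manifest(restored)
    report = {
        "missing": sorted(set(manifest) - set(found)),
        "unexpected": sorted(set(found) - set(manifest)),
        "corrupt": sorted(k for k in manifest.keys() & found.keys() if manifest[k] != found[k]),
        "stale": (now - taken_at) > MAX_AGE_HOURS * 3600,
    }
    report["ok"] = not (report["missing"] or report["unexpected"] or report["corrupt"] or report["stale"])
    return report

def demo() -> tuple:
    """Constructed sample: a small source tree, one good restore, one damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, good, bad = (Path(tmp) / n for n in ("src", "good", "bad"))
        for d in (src, good, bad):
            (d / "sis").mkdir(parents=True)
            (d / "sis" / "roster.csv").write_bytes(b"id,name\n1,Sample Student\n")
            (d / "payroll.db").write_bytes(b"constructed payroll data")
        manifest = build_manifest(src)
        (bad / "payroll.db").write_bytes(b"\x8f\x02 overwritten")  # silent corruption
        (bad / "sis" / "roster.csv").unlink()                      # file lost in restore
        (bad / "extra.tmp").write_text("not in manifest")          # unexpected file
        now = time.time()
        return (verify_restore(manifest, good, now - 3600, now),
                verify_restore(manifest, bad, now - 72 * 3600, now))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run against a scratch restore target on a schedule; any report where `ok` is false means the backup cannot be relied on for recovery until the cause is found.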

Many ransomware attacks on school districts begin with the compromise of a single staff account via phishing. Implementing Multi-factor Authentication (MFA) across all staff and student accounts is a high-impact, cost-effective mitigation. Priority should be placed on securing email systems (like Office 365 or Google Workspace), VPN access, and any other remote access portals. By requiring a second factor for authentication, MFA prevents attackers from leveraging stolen passwords to gain initial access, effectively shutting down a major infection vector used by ransomware groups.

Sources & References

  • Ransomware attacks against education sector slow worldwide. K-12 Dive (k12dive.com), February 6, 2026
  • Ransomware attacks on US schools and colleges: 2025 report. Comparitech (comparitech.com), February 6, 2026

Article Author

Jason Gomes


• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & Analysis, Security Orchestration (SOAR/XSOAR), Incident Response & Digital Forensics, Security Operations Center (SOC), SIEM & Security Analytics, Cyber Fusion & Threat Sharing, Security Automation & Integration, Managed Detection & Response (MDR)

Tags

Education, K-12, University, Data Breach, Statistics
