According to a threat analysis report from Comparitech, educational institutions in the United States were the most targeted by ransomware attacks in 2023. Schools and colleges faced over 121 malware incidents, a significant increase from the 71 attacks reported in 2022.
The impact of these attacks was notable, with educational institutions experiencing an average of 12.6 working days lost due to ransomware, compared to 8.7 days in the previous year.
In terms of financial repercussions, the cost of recovery from ransomware incidents ranged between $540,000 and $560,000 from 2018 to 2024. The introduction of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in October 2025 is expected to provide more accurate data on these incidents. CIRCIA will require schools and other educational institutions to report cyber incidents within 72 hours, with a reduced timeframe of 48 hours specifically for ransomware attacks.
Comparitechās research highlights that many educational institutions are either inadequately prepared for such attacks or are struggling with funding shortages, leading to a lack of in-house cybersecurity expertise. This situation could become increasingly problematic if not addressed.
On a positive note, the Federal Communications Commission (FCC) is initiating a Cybersecurity Pilot Program for schools, investing approximately $200 million over the next three years. This program aims to assess and address the cyber risks faced by educational institutions and implement effective risk mitigation measures.
Additionally, the FBI and CISA have issued a joint advisory about an Iranian hacking group known as Pioneer Kitten, Fox Kitten, UNC757, Parasite, and RUBIDIUM. This group is reportedly focused on disrupting and spreading ransomware within the healthcare and educational sectors. They typically infiltrate networks to steal sensitive information and then demand ransom, threatening to release the data if their demands are not met.
In related news, cities and counties are increasingly taking proactive measures to prevent ransomware-related losses. This shift indicates that local governments are beginning to allocate budgets for enhanced cybersecurity, suggesting progress towards achieving greater cybersecurity resilience.