Education ransomware attacks remained a serious global threat in 2025,
even as the pace of incidents targeting schools and universities showed early
signs of stabilisation. A new report from Comparitech that came out on Thursday
said that schools and colleges around the world were hit by 251 ransomware
attacks last year. This shows that the education sector is still vulnerable,
even though cybercrime is on the rise in other fields.
According to Comparitech, 94 of the 251 ransomware attacks on schools in
2025 were confirmed by the schools that were attacked. These confirmed events
led to the loss of about 3.96 million records, which included private
information about students, staff, and administrators. Researchers noted that
the increase in ransomware attacks was much smaller than in other sectors, even
though the overall number of attacks rose by only 2% compared to 2024.
Across all industries, ransomware activity surged dramatically in 2025.
Comparitech recorded 7,419 ransomware attacks worldwide, representing a 32%
jump from the previous year. In contrast, education ransomware attacks did not
follow the same sharp upward trajectory. Analysts called this difference
"good news," which means that attackers may be shifting their focus
to industries like manufacturing and critical infrastructure, which usually pay
more.
The United States continued to be the most heavily targeted country for
education ransomware attacks in 2025, accounting for 130 incidents, of which 50
were confirmed. Despite leading globally in absolute numbers, the U.S. recorded
a 9% decline in attacks on educational institutions compared with 2024.
However, the broader picture remains concerning. The Center for Internet
Security's survey found that 82% of K–12 schools in the U.S. had at least one
cyber incident between July 2023 and December 2024. This shows that the sector
is still very vulnerable.
In 2025, another interesting trend was that ransom demands against
schools and colleges went down. Comparitech said that the average ransom demand
in the education sector around the world dropped by 33%, from $694,000 in 2024
to $464,000 in 2025. This drop is good news for school districts with tight
budgets and old IT systems, but experts warn that even lower ransom demands can
be very bad for them.
Real-World Disruptions in School Districts
The impact of education ransomware attacks was illustrated in September
when Uvalde Consolidated Independent School District in Texas suffered a
ransomware incident that forced schools to close for several days. The attack
disrupted critical systems, including phones, security cameras, and visitor
management platforms. The district later confirmed it did not pay a ransom and
successfully restored systems using backups, stating there was no evidence of
unauthorized access to sensitive data, though investigations continued.
Comparitech also highlighted unconfirmed attacks in 2025 involving
Massachusetts’ Fall River Public Schools and Washington’s Franklin Pierce
Schools. Both districts were allegedly targeted by the ransomware gang Medusa,
which claimed to have stolen data and demanded $400,000 from each. These cases
ranked among the five largest ransom demands reported in the global education
sector last year, even though the districts did not publicly confirm the
breaches.
Ed Tech Under Growing Scrutiny
Beyond schools themselves, education technology companies remain
attractive targets. Past breaches at Illuminate Education and PowerSchool
exposed millions of student records, prompting calls for stronger oversight. In
2025, K-12 technology experts warned that ed tech firms could face increased
accountability as governments tighten regulations around student data
protection and advance investigations into previous breaches.
The Trump administration made things harder by ending a number of
federal programs that helped keep schools safe online in 2025. One of these was
shutting down the Department of Education's Office of Educational Technology.
Since then, groups that support education have warned that schools that can't
afford these resources could be even more vulnerable to future ransomware
attacks on schools.
While the stabilisation of education ransomware attacks offers cautious
optimism, experts agree the threat remains far from contained. As cybercriminal
tactics evolve and public-sector defenses lag, educational institutions
worldwide continue to face significant risks that demand sustained investment,
policy support, and vigilance.
Also Read :- Education Excellence Magazine for more information