
Sophos - State of Ransomware in Education 2025 - White Paper Released

EdScoop summarizes an August 2025 Sophos report on education sector ransomware under the headline "Education sector improving on ransomware, but IT teams are stressed, report shows" (article link on edscoop.com).

The article quotes Alexandra Rose, Director, CTU threat research at Sophos, who said in a press release: “Ransomware attacks in education don’t just disrupt classrooms, they disrupt communities of students, families, and educators.”

The Sophos white paper State of Ransomware in Education 2025 is available to the GW community: Sophos Whitepaper (linked PDF file).

The report notes that the impacts of ransomware go beyond service interruptions and potential financial payments. It describes the human impact of ransomware on IT/cybersecurity teams:

  • 41% of education sector-based IT/cybersecurity teams reported increased anxiety or stress about future attacks.
  • 40% reported increased pressure from senior leaders, while 31% reported increased recognition.
  • 38% cited both a change of team priorities/focus and an ongoing increase in workload as impacts on their IT/cybersecurity team.
  • 37% reported changes to the team/organizational structure because of the incident.
  • One third (34%) said the team experienced feelings of guilt that the attack was not stopped in time.
  • 31% of teams experienced staff absence due to stress/mental health issues related to the attack.
  • In one quarter of cases, the team’s leadership was replaced as a consequence of the attack.

The Sophos report also notes that attackers are interested in stealing data in addition to encrypting it, with "19% of all [higher education] victims, and 33% of those with encrypted data, reporting data theft." Interestingly, the report also notes that "97% of education providers [sector wide] that had data encrypted were able to recover it," either through backups or ransom payment.

  • Among higher education providers, only 47% used backups to restore data, a sharp drop from 78% in 2024, placing the sector among the bottom three for backup use. This may be due to the decentralized IT infrastructure, complex data environments, legacy systems, and inconsistent backup practices often seen across higher education institutions.
  • 54% of higher education providers paid the ransom and got their data back — slightly above the 49% cross-sector average, but a welcome decrease from the 78% recorded in 2024.

The Sophos white paper reports that the median ransom demanded dropped in 2025 (right column below) compared to 2024 (left column below).

The report also notes that median payments decreased from 2024 (left column) to 2025 (right column).

The data analysis also suggests payments were lower than the initial demand for several reasons. "39 higher education providers that paid less than the initial demand explained how they were able to lower their payment:"

  • 59%: We negotiated a lower amount with the attackers (the highest percentage recorded against this factor in this year’s survey).
  • 46%: We paid the ransom quickly, so we got a discount.
  • 44%: The attackers reduced their demand to encourage us to pay.
  • 41%: A third party negotiated a lower amount with the attackers.
  • 38%: The attackers reduced their demand due to external pressures (e.g., from the media or law enforcement).

Recovery times for higher education institutions impacted by a ransomware attack have improved, with 59% of higher education institutions reporting being "fully recovered" in under 1 week.

 
 
Finally, the Sophos white paper State of Ransomware in Education 2025 provides several recommendations. GW IT Security is continuing to work through each of these focus areas, with several new initiatives underway. Everyone at GW can assist by being informed (see our events listing as well as our awareness guides and learning resources) and by coordinating with GW IT on service design, including disaster recovery planning that covers plans, exercises, and specific backup and recovery strategies.
 

Recommendations

Although education providers have experienced several changes in their encounters with ransomware over the last year, it remains a significant threat. As adversaries continue to iterate and evolve their attacks, it’s essential that defenders and their cyber defenses keep pace with ransomware and other threats. Leverage the insights in this report to fortify your defenses, sharpen your threat response, and limit ransomware’s impact on your business and people. Focus on these four key areas to stay ahead of attacks:

Prevention. The most successful defense against ransomware is one where the attack never happens because adversaries couldn’t breach your organization. Take steps to eliminate the technical and organizational root causes highlighted in this report.

Protection. Strong foundational security is a must. Endpoints (including servers) are the primary destination for ransomware actors, so ensure that they are well defended, including dedicated anti-ransomware protection to stop and roll back malicious encryption.

Detection and response. The sooner you stop an attack, the better your outcomes. Around-the-clock threat detection and response is now an essential layer of defense. If you lack the resources or skills to deliver this in-house, look to work with a trusted managed detection and response (MDR) provider.

Planning and preparation. Having an incident response plan that you are well versed in deploying will greatly improve your outcomes if the worst happens and you experience a major attack. Be sure to make quality backups and regularly practice restoring data from them to accelerate recovery if you do get hit.

 

This content is presented by the GW IT Cybersecurity Risk and Assurance team. #CyberSafeGW is a shared responsibility, if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu. This information is provided for reference and awareness purposes. References to external organizations, products, and reports do not constitute endorsement or validation of the views, conclusions, or recommendations they contain.


 

 


Then & Now: Online Safety for Older Adults


Older adults are among the most targeted, and most impacted, by online scams. In fact, the FBI reports that Americans over 60 lose more money to cybercrime than any other age group.

Just like locking the front door of your home, taking a few smart safety steps can make all the difference. That’s why we’re excited to announce Then & Now, a new initiative from the National Cybersecurity Alliance to empower older adults and their caregivers with the tools they need to protect themselves online.

Then & Now highlights how threats have changed over time. But with a bit of guidance and a few smart habits, anyone can be safer online with some key practices.

Then & Now features a microsite and easy-to-follow workbook* that covers:

  • Easy steps for securing online accounts with passwords and multifactor authentication
  • Tips to spot common scams
  • Guidance to keep devices updated and protected
  • How-to video guides and quick activities you can practice right away

* GW Cybersecurity Team Note - the workbooks are $5.00 per copy. Workbooks are not required for Microsite activities and content - Jump to microsite

Content Produced by: National Cybersecurity Alliance
 
 



 

 

Social media trends are not only fun, but they also include a hint of FOMO if we don’t participate. The same can be said for the newest viral trend, the “how hard did aging hit me” challenge, also known as the “10 year challenge.” There has been speculation about the origin and purpose of this trend across the internet, even in the information security Twitter community.


Kate O’Neill’s tweet is a perfect example of the growing distrust the public has of social media and the internet in general after the introduction of many AI technologies, whether they be related to ad content or predictive text.

This affects the GW community at every level: students, staff members, and faculty members alike partake in social media sharing. There is nothing that confirms that O’Neill’s tweet has truth to it. However, our goal is to highlight the need for users to be smart and to be safe online. Always be vigilant about what you post and how much detail you give out, especially when it comes to location sharing. Criminals are becoming increasingly knowledgeable about how to use technology to their advantage, as are large corporations like Facebook where we live our daily lives. The younger the clientele, the more common it is for them to live their life in the digital world. Be #securityaware.

Skeptics can agree that this trend and some others can be seen as data mining or data harvesting parading as a harmless social game. Realistically speaking, information security professionals know that technology has become so mobile that it goes where we go. So, our message to you is be mobile, but be mindful. Stay mindful of what you share and how much you share. It may sound like an older generation reprimanding you, but it is true: everything you do does not have to be a social media post.

#bemobile #bemindful #securityaware