Ransomware Attacks Plateau in Education Sector, While Third-Party Risks Loom Large
In 2025, ransomware attacks around the world increased by 32%– however in the education sector, attacks appeared to plateau, according to the current research study from Comparitech.
Attacks by Sector Worldwide, the cybersecurity research company recorded 7,419 ransomware attacks in 2015, compared to 5,631 in 2024. Of those 7,419, 1,173 were verified by the targeted organizations, Comparitech said. The rest were openly declared by ransomware groups on their information leak websites. The breakdown of attacks throughout industry sectors was as follows:
- 6,292 attacks on organizations (up 35% from 2024);
- 374 on government entities (up 27%);
- 444 on healthcare companies (up 2%); and
- 252 on education institutions (up 2%).
Comparitech noted that the reasonably flat development in attacks on education and healthcare institutions “could be due to a number of elements,” such as a modification of focus among opponents to the production sector (which experienced the largest year-over-year increase in attacks, at 56%), as well as increased cybersecurity awareness due to high-profile attacks over the last few years.
Ransom Demands Decline
The average ransom need throughout all markets in 2025 was $1.04 million, a decline of 26% compared to 2024. In education, the average ransom demand was $456,200, down 34% from 2024. Nearly half of all business paid the ransom to recover their information, according to survey information from Sophos.
Third-Party Company a Key Attack Vector
“If 2025’s figures have shown us anything, it’s that ransomware attacks remain a dominant hazard for companies of all sizes and across all markets,” commented Rebecca Moody, head of data research at Comparitech, in a statement. “As we enter 2026, hackers will likely continue to make use of vulnerabilities, target key facilities, public services, and producers, and look for to steal large quantities of information while doing so. 2025’s findings likewise highlight that hackers see third-party service providers as the best target because they not only give them prospective access to numerous companies through one source however they likewise enable massive data breaches. From the crippling attack on Collins Aerospace, which disrupted travel at multiple airports throughout Europe, to the causal sequences of data breaches on the likes of Marquis Software application Solutions and Oracle, 2025 should serve as a plain pointer that no matter how secure an organization’s systems may be, they’re only as safe and secure as the third parties they use to perform various services. So, while companies are going to wish to ensure they’re on top of all the essential fundamentals (performing regular backups, covering vulnerabilities as soon as they’re flagged, supplying employees with regular training, and making certain systems are up to date), it’s likewise important that they’re vetting the third parties they utilize.”
Find Out More
The full report is readily available here on the Comparitech site.
About the Author
Rhea Kelly is editorial director for School Technology, THE Journal, and Spaces4Learning. She can be reached at [email secured]