Ransomware Attacks Plateau in Education Sector, While Third-Party Threats Loom Big
In 2025, ransomware attacks around the world increased by 32%– however in the education sector, attacks appeared to plateau, according to the latest research study from Comparitech.
Attacks by Sector Worldwide, the cybersecurity research study company taped 7,419 ransomware attacks in 2015, compared to 5,631 in 2024. Of those 7,419, 1,173 were validated by the targeted organizations, Comparitech said. The rest were openly declared by ransomware groups on their information leak sites. The breakdown of attacks across market sectors was as follows:
- 6,292 attacks on businesses (up 35% from 2024);
- 374 on government entities (up 27%);
- 444 on healthcare business (up 2%); and
- 252 on education organizations (up 2%).
Comparitech kept in mind that the reasonably flat growth in attacks on education and healthcare institutions “might be due to a variety of factors,” such as a modification of focus amongst opponents to the manufacturing sector (which experienced the biggest year-over-year increase in attacks, at 56%), in addition to increased cybersecurity awareness due to prominent attacks in recent years.
Ransom Demands Decrease
The average ransom need throughout all markets in 2025 was $1.04 million, a decrease of 26% compared to 2024. In education, the typical ransom demand was $456,200, down 34% from 2024. Almost half of all business paid the ransom to retrieve their data, according to study data from Sophos.
Third-Party Service Providers a Key Attack Vector
“If 2025’s figures have revealed us anything, it’s that ransomware attacks remain a dominant danger for business of all sizes and across all markets,” commented Rebecca Moody, head of information research study at Comparitech, in a declaration. “As we get in 2026, hackers will likely continue to make use of vulnerabilities, target key infrastructure, civil services, and makers, and seek to steal big amounts of information in the process. 2025’s findings also highlight that hackers see third-party service providers as the perfect target since they not only provide possible access to numerous companies through one source but they likewise make it possible for large-scale information breaches. From the crippling attack on Collins Aerospace, which interfered with travel at several airports across Europe, to the causal sequences of information breaches on the likes of Marquis Software Solutions and Oracle, 2025 need to work as a stark suggestion that no matter how protect an organization’s systems may be, they’re only as protected as the third parties they use to carry out various services. So, while business are going to wish to make sure they’re on top of all the essential essentials (performing routine backups, covering vulnerabilities as soon as they’re flagged, offering employees with regular training, and ensuring systems depend on date), it’s likewise critical that they’re vetting the 3rd parties they utilize.”
Learn More
The full report is readily available here on the Comparitech site.
About the Author
Rhea Kelly is editor in chief for School Innovation, THE Journal, and Spaces4Learning. She can be reached at [e-mail secured]