Ransomware Attack Surge Hits UK Education Sector – A 23% Jump in 2025
Ransomware attacks have surged across the education sector, marking a worrying 23% increase in just six months, a fresh report reveals. The UK is not alone—schools and universities globally are facing relentless cyber threats.
According to cybersecurity watchdog Comparitech, a staggering 130 ransomware incidents—confirmed and unconfirmed—targeted educational institutions in the first half of 2025. The average ransom demand? A hefty $556,000.
Education has now become the fourth-most targeted sector, trailing behind business, government, and healthcare. “Education was the fourth-most-targeted sector during the first half of 2025,” says the Comparitech report.
So, what’s driving the spike? Simple. Schools are digital goldmines. With the shift towards remote learning and increased use of digital platforms, institutions store troves of sensitive student and staff data—making them prime targets. But they often lack the cyber defences of bigger organisations.
It’s a perfect storm. “Schools have become a popular target for hackers thanks to a combination of increased digitization, the robust amount of student and staff data, and a lack of cybersecurity resources.”
The numbers are stark. Between July 2023 and December 2024, 82% of K-12 schools in the US experienced at least one cyber incident, according to the Center for Internet Security. While UK figures aren’t far behind, much of the damage goes under the radar due to limited disclosures.
Take this case, shocking and recent. “A 19-year-old agreed to plead guilty in May to allegedly hacking and extorting student information system provider PowerSchool for $2.85 million.”
The fallout? Sensitive information belonging to 10 million teachers and over 60 million students was exposed. Dozens of school districts were also hit with threats. More than 100 school systems launched lawsuits against PowerSchool following the breach.
“The incident resulted in the leaking of sensitive data of 10 million teachers and more than 60 million students.”
But here’s the catch—many attacks never make the headlines. “One challenge of tracking cyberattacks is that incidents aren’t always disclosed by the organization targeted or the ransomware group that attacks.”
Comparitech only tags an attack as confirmed when an organisation publicly acknowledges it or when evidence aligns with a ransomware group’s claim.
With attacks growing more frequent and sophisticated, what can schools do? Experts suggest cybersecurity insurance, stronger data access controls, and deploying multifactor authentication. And if a breach is detected? Quick action is vital.
That includes reaching out to law enforcement—like the FBI or Department of Homeland Security’s U.S. Computer Emergency Readiness Team and engaging cybersecurity professionals to contain the threat.
“The FBI advises against paying ransoms, as doing so can encourage further cyberattacks and doesn’t guarantee that stolen data will be returned or that access to critical systems will be restored.”
In the end, this is a wake-up call. Schools are under siege in the digital age, and the threats aren’t slowing down. Proactive protection isn’t just a tech issue it’s a matter of safeguarding the future of education itself.
