Ransomware Attacks Plateau in Education Sector, While Third-Party Risks Loom Large

• By Rhea Kelly
• 01/22/26

In 2025, ransomware attacks across the globe increased by 32% — but in the education sector, attacks appeared to plateau, according to the latest research from Comparitech.

Attacks by Sector

Worldwide, the cybersecurity research firm recorded 7,419 ransomware attacks last year, compared to 5,631 in 2024. Of those 7,419, 1,173 were confirmed by the targeted organizations, Comparitech said. The rest were publicly claimed by ransomware groups on their data leak sites. The breakdown of attacks across industry sectors was as follows:

• 6,292 attacks on businesses (up 35% from 2024);
• 374 on government entities (up 27%);
• 444 on healthcare companies (up 2%); and
• 252 on education institutions (up 2%).

Comparitech noted that the relatively flat growth in attacks on education and healthcare institutions "could be due to a number of factors," such as a change of focus among attackers to the manufacturing sector (which experienced the largest year-over-year increase in attacks, at 56%), as well as increased cybersecurity awareness due to high-profile attacks in recent years.

Ransom Demands Decline

The average ransom demand across all industries in 2025 was $1.04 million, a decrease of 26% compared to 2024. In education, the average ransom demand was $456,200, down 34% from 2024. Nearly half of all companies paid the ransom to retrieve their data, according to survey data from Sophos.

Third-Party Service Providers a Key Attack Vector

"If 2025's figures have shown us anything, it's that ransomware attacks remain a dominant threat for companies of all sizes and across all industries," commented Rebecca Moody, head of data research at Comparitech, in a statement. "As we enter 2026, hackers will likely continue to exploit vulnerabilities, target key infrastructure, public services, and manufacturers, and seek to steal large quantities of data in the process. 2025's findings also highlight that hackers see third-party service providers as the perfect target because they not only give them potential access to hundreds of companies through one source but they also enable large-scale data breaches. From the crippling attack on Collins Aerospace, which disrupted travel at multiple airports across Europe, to the ripple effects of data breaches on the likes of Marquis Software Solutions and Oracle, 2025 should serve as a stark reminder that no matter how secure an organization's systems may be, they're only as secure as the third parties they use to carry out various services. So, while companies are going to want to make sure they're on top of all the key basics (carrying out regular backups, patching vulnerabilities as soon as they're flagged, providing employees with regular training, and making sure systems are up to date), it's also critical that they're vetting the third parties they use."

Find Out More

The full report is available here on the Comparitech site.