Matthew Robare writes for the Martin Center about the threat of ransomware in higher education across the country.

Colleges and universities around the country are proving to be easy prey to hackers with ransom demands. In Massachusetts, Cape Cod Community College was defrauded of $800,000 last year, while Colorado’s Regis University paid an undisclosed amount to regain access to their files after a ransomware attack—and still did not get access back.

Ransomware is a type of malicious software that, once it infects a computer system, allows attackers to lock out victims until they pay a ransom to regain access. With budgets getting tighter for public and private colleges in the wake of the coronavirus, funding IT security could slip through the cracks.

In many ways, a college is an ideal target for hackers. Even a small one has hundreds of people connecting to its network, and many campuses have old machines with out-of-date software used by students and the public. It only takes one person clicking on the wrong email to compromise the entire system. Colleges are “a prime environment for these attacks,” Jared Phipps, a cybersecurity expert, told Inside Higher Ed.

When a college’s IT system gets compromised, the ransom amount can vary considerably. When the admissions-tracking system at Grinnell, Oberlin, and Hamilton Colleges (which they share) was hacked, aspiring freshmen were offered the chance to see their files for around $4,000, which was later discounted to $60.

In contrast, when for-profit Monroe College was the victim of a ransomware attack, hackers demanded $2 million. Crowder College in Missouri saw a similarly high price tag of $1.6 million to regain control of its system. The University of Calgary and Carleton University in Canada and Los Angeles Valley College paid ransomware demands that cost the schools up to $35,000, according to the cybersecurity company Acronis.