Ransomware attacks against the education sector increase 16% in a year and become the new favorite target, and the culprit could be the reckless use of GenAI

  • Check Point Research reports that education faced 4,816 weekly ransomware attacks in June 2026, a 16% year-over-year increase, keeping it the most attacked sector.
  • Risks arise from open networks, reduced budgets and reckless use of GenAI, with 1 in 26 enterprise notices leaking sensitive data and 85% of organizations being affected.
  • Latin America saw the steepest increase (27%), while government and telecommunications also absorbed large volumes, demonstrating attackers’ focus on high-exposure industries.

Each week in June, education organizations around the world faced 4,816 ransomware attacks. This is a 16% increase compared to the same month last year, meaning this sector remains the most popular target for cybercriminals.

This is what emerges from “A new leader in ransomware emerges as June 2026 attack volumes increase around the world”, a new in-depth report on the state of ransomware, published by security experts Check Point Research (CPR).

According to the new CPR article, education is a popular target due to “open campus networks, constant device turnover, and small security budgets.” In other words, it’s low-hanging fruit, especially compared to other industries like government, technology, or healthcare. But these aren’t the only reasons why hackers target education more than any other industry. It is also due to the behavior of employees, who, by using GenAI recklessly, substantially increases the security risk.

Latin America is the most affected

“It’s about what employees put into prompts: customer records, internal documents, infrastructure details, legal materials, financial data, or HR information that can be copied to public or unmanaged GenAI tools,” explains CPR.

“1 in 26 GenAI requests from enterprise networks carried a high risk of sensitive data leakage, equivalent to a global exposure rate of 3.9%,” the document reads. “85% of organizations that regularly use GenAI tools were affected by high-risk alert activity” and “another 27% of alerts contained potentially sensitive information.”

This primarily affects organizations in Latin America that reported, on average, 3,501 weekly attacks (a 27% increase compared to June 2025). APAC followed with 3,060 (an increase of 5%), and Africa recorded 3,008 weekly attacks (a decrease of 9%).

In addition to education, ransomware operators are also targeting government institutions (2,836 weekly attacks, up 5%) and telecommunications (2,835 weekly attacks, up 13%).

“Together, these three sectors continue to absorb a disproportionate share of global attack volume, a pattern that has remained stable in recent months even as specific numbers change,” CPR concluded.

Leave a Comment

Your email address will not be published. Required fields are marked *