Ransomware attacks against education sector rise 16% in one year becoming the new favorite target — and reckless GenAI use could be to blame | Daily Reports Online
- Check Point Research reports education faced 4,816 weekly ransomware attacks in June 2026, up 16% YoY, keeping it the most targeted sector
- Risks stem from open networks, thin budgets, and reckless GenAI use, with 1 in 26 enterprise prompts leaking sensitive data and 85% of orgs affected
- Latin America saw the sharpest rise (27%), while government and telecoms also absorbed heavy volumes, showing attackers’ focus on high‑exposure industries
Every week in June, organizations in the education industry around the world faced 4,816 ransomware attacks. This is up 16% compared to the same month last year, and means this sector remains the most popular target among cybercriminals.
This is according to “A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide”, a new in-depth report on the state of ransomware, published by security experts Check Point Research (CPR).
As per CPR’s new paper, education is a popular target because of “open campus networks, constant device turnover, and thin security budgets”. In other words, it’s a low-hanging fruit, especially compared to other industries like government, technology, or healthcare. But these are not the only reasons why hackers target education more than any other industry. It is also because of how employees behave which, by using GenAI recklessly, substantially increases security risk.
Latin America bearing the brunt
“It is about what employees place into prompts: customer records, internal documents, infrastructure details, legal material, financial data, or HR information that may be copied into public or unmanaged GenAI tools,” CPR explains.
“1 in every 26 GenAI prompts from enterprise networks carried a high risk of sensitive data leakage, equal to a global exposure rate of 3.9%,” the paper reads. “85% of organizations that regularly use GenAI tools were affected by high-risk prompt activity,” and “a further 27% of prompts contained potentially sensitive information.
This mostly affects organizations in Latin America who reported, on average, 3,501 weekly attacks (up 27% compared to June 2025). APAC followed at 3,060 (up 5%), and Africa posted 3,008 weekly attacks (down 9%).
Besides education, ransomware operators are also targeting government institutions (2,836 weekly attacks – up 5%), and telecoms (2,835 weekly attacks – up 13%).
“Together these three sectors continue to absorb a disproportionate share of global attack volume, a pattern that has held steady across recent months even as the specific numbers shift,” CPR concluded.







