“The threat of ransomware attacks is significant. R&E institutions have the challenge of protecting sensitive data and ensuring operational continuity, all while facing shrinking budgets,” said Sarah Bigham, lead security analyst at Indiana University – REN-ISAC.
At the 2025 Internet2 Technology Exchange (TechEX25), held Dec. 8-12 in Denver, Colo., Sarah will lead the session “Ransomware in Higher Education,” to help R&E institutions prepare for and mitigate ransomware attacks.
Ahead of her TechEX25 session, we sat down with Sarah to learn more about growing trends in ransomware attacks. Here is a preview of what attendees can learn from Sarah at her session.
Sarah Bigham
Lead Security Analyst
Indiana University – REN-ISAC
What other TechEX25 sessions will you be attending?
“Agentic AI – What lies ahead for Higher Education” looks very interesting, and I’m very much looking forward to it.
What are
some trends in ransomware attacks you have observed in the past 24 months?
Sarah: The median ransom demand in higher education fell from
$3.55 million to $697,000 in the last year, among the lowest demands across all industries.
The
median ransom payment also fell sharply from $4.41 million to $463,000. That moved R&E from being one of
the highest payers of ransomware attack demands in 2024 to among the lowest in 2025.
It has
become evident that higher education is recovering more quickly from attacks, with 59% of victims (up from
30% in 2024) fully recovering within a week.
What are
some of the consequences of ransomware attacks that you have seen?
Sarah: The consequences of falling victim to a ransomware attack
are endless; however, the most severe are financial, operational, legal, and reputational.
What is
the #1 piece of advice you would give to colleagues to protect themselves against ransomware
attacks?
Sarah: You must know your environment better than the adversary.
Unfortunately, that has been the Achilles’ heel of many organizations during ransomware attacks.
What are
some of the key points you will cover in your session?
Sarah: I will discuss the evolution of attacks, adversary trends,
methods for detecting attacks, and the pros and cons of paying the ransom.
What are
some takeaways you want attendees to walk away with after your session?
Sarah: Knowing the top attack vectors is key to hardening your
environment.
I want attendees to know what these attack vectors are and the variants that use
them. We will also go over several new ransomware variants and how they affect the R&E community.
Sarah’s session on ransomware attacks against R&E institutions is part of the Information Security Track at TechEX25. Other session topics in that track include alerting and response automation, access management, using artificial intelligence to combat cyber attacks, and much more.
Will we see you in Denver at TechEX25? If you haven’t registered yet, time is running out!
You don’t want to miss out on this opportunity to learn directly from your peers and participate in one of the year’s most important gatherings for IT professionals in R&E.
Explore the full TechEX25 program and secure your seat at the table.
New to TechEX?
Check out our first-timer resources for tips and exclusive events designed to help you connect and maximize your experience.