Sixty-three per cent of British universities that responded to a Freedom of Information (FoI) request admitted to being the victims of a ransomware attack.
Some 71 universities were sent requests from security vendor SentinelOne in July 2016, and three of the universities refused to answer, citing that their response could damage their commercial interests.
The research found that of the universities that had been hit, 56 per cent of the incidents occurred in the past year. It also found that two thirds of the affected universities were hit multiple times.
According to the FoI responses, only Oxford University and Kings College London admitted to having no anti-virus software on their systems.
The ransoms ranged from £77 to over £2,000, but none of the universities said they had paid up.
Clive Longbottom, founder of analyst Quocirca, said this level of attack is happening "across the board", but whereas public bodies must "fess up" under the Freedom of Information Act, private companies do not have to admit to attacks.
"Awareness is now spreading that these attacks are going to happen," he said. "No matter how much you try to educate the users, it is going to come through. There are new approaches that can make sure you can quickly recover from a ransomware attack without having to pay to get that information back."
The rise in ransomware attacks in recent years has been caused largely by the availability of "ransomware packs" on the dark web, according to Longbottom.
"It's becoming easier to find the packs on the dark web for creating ransomware," he explained. "It has also become easier to come up with spearfishing attacks to make it more likely that people will click on something that will trigger the ransomware attack. Whereas it started off just being run by a couple of highly efficient, organised crime units, it is now something where any old Joe can go and create a ransom attack and try it out."
Longbottom said the security industry has not been growing fast enough to combat the attacks, and more work needs to be done with operating systems to stop ransomware.
"I would have hoped that by now we would have seen something where there is the beginning of encryption even at the operating system level," he said. "Where the OS can notice things and at least ask the user if it should be happening. It doesn't seem like rocket science, but maybe I'm being too simplistic."
Mike Bacon, owner and managing director of VAR Academia, agreed that more needs to be done at the OS level to prevent more attacks.
"I think anything that is at the OS level is definitely better. It is so generic and wide based that there is always going to be room for the specialist vendors to develop enhanced tools," he said.
"[Ransomware] is a universal threat. Any large, high-profile public sector institution is a target. It's becoming a higher priority; every year when [university IT directors] list their priorities for IT, the concerns have been about data security."
Infrastructure provider says international sales now make up 51 per cent of its revenue
Suzanne Chappell of TMS plans sailing venture after selling Oxfordshire-based TMS to acquisitive Chess
Withdrawal of credit insurance by some providers a 'reflection' of current challenge facing IT sector, according to MD Steve Soper
SMART's UK managing director joins Lenovo to boost SMB business