Cyber Incident Victim: Nantucket Public Schools
Date:
Jan 2023
Location:
United States of America
Summary
A ransomware attack disrupted Nantucket Public Schools, forcing multi-day closures and the dismissal of 1,700 students and staff. The incident encrypted systems, prompting administrators to shut down internet access, security cameras, phones, and all devices as a precaution. External cybersecurity experts collaborated with the district's IT team to restore most servers and resume classes with limited functionality—student Chromebooks were operational, but staff devices remained inaccessible. No ransom was paid, as the attackers reportedly withdrew their demands after pushback. During the outage, the district coordinated with local organizations to ensure student safety and childcare. Recovery efforts continued post-resumption to address remaining system vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 31, 2023, Nantucket Public Schools experienced a ransomware attack that forced the immediate shutdown of all five district schools. The malicious software encrypted critical data, rendering systems inaccessible and prompting administrators to cancel classes for all 1,700 students and staff by midday Tuesday. Superintendent Elizabeth Hallett ordered a full disconnection of internet services and powered down all student and staff devices—including phones, security cameras, and other safety systems—to contain the attack. The district remained closed Wednesday as cybersecurity experts worked with the IT department to assess damage and restore operations. No evidence indicated whether threat actors stole data or specified ransom demands during initial reports.
The district engaged external security specialists to assist recovery efforts, successfully restoring most server functionality by Wednesday evening. School Committee Chair Tim Lepore confirmed no ransom payment was made, noting attackers withdrew demands when challenged. Classes resumed Thursday under limited technology protocols: students could access school-issued Chromebooks, while staff remained locked out of most systems pending full restoration. The district coordinated with the Nantucket Boys & Girls Club to provide childcare during closures. Ongoing remediation focused on rebuilding encrypted systems, though officials did not disclose whether backups enabled recovery or if permanent data loss occurred. The incident caused two full days of operational disruption but concluded without physical safety compromises or confirmed data exfiltration.