Cyber Incident Victim: Griggsville-Perry School District
Date:
Jan 2022
Location:
United States of America
Summary
The Griggsville-Perry School District experienced a ransomware attack disrupting network operations and compromising instructional files, mirroring a broader trend targeting K-12 institutions. Technical teams worked extensively to restore system functionality, though many teaching materials were permanently lost while others remained recoverable. This significantly hindered lesson planning and delivery, prompting early student dismissals to allow staff time for material inventory and curriculum reorganization. Ongoing network instability required continued remediation efforts, with operational adjustments anticipated as recovery progressed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around January 1, 2022, Griggsville-Perry School District experienced a ransomware attack that disrupted its network operations. The attackers encrypted district files and demanded payment for their release, consistent with a growing pattern of such incidents targeting K-12 schools nationwide, including a similar attack on Albuquerque Public Schools approximately one week prior. District technicians worked through the weekend and subsequent days following the attack to purge compromised systems and restore functionality, ultimately verifying that networks were secure for resumed use. However, significant data loss occurred, with many instructional files used by teachers becoming permanently inaccessible while others remained potentially recoverable. This degradation of teaching resources created immediate operational challenges, impairing educators’ ability to prepare lessons and deliver curriculum effectively. Persistent network instability further complicated recovery efforts, requiring ongoing technical interventions.
In response to these disruptions, district administration implemented modified schedules on Thursday and Friday following the attack, dismissing students at 12:15 PM with shuttle buses departing at noon. This early dismissal protocol provided staff with additional time to assess lost materials, develop replacement lesson plans, and reorganize instructional approaches. District leadership acknowledged the necessity for continued operational flexibility, noting that further network-related issues might necessitate additional schedule adjustments. A formal reassessment of recovery progress was scheduled for the conclusion of the abbreviated Friday schedule to determine subsequent response measures. The incident caused significant operational strain, with district officials publicly characterizing the situation as disruptive but expressing confidence in collaborative resolution through staff adaptation and community support.