Cyber Incident Victim: Sugar-Salem School District 322

Date: Apr 2019

Location: United States of America

Summary

A ransomware attack disrupted operations at Sugar-Salem School District 322, compromising all servers during critical ISAT testing periods. The district promptly shut down affected systems upon detection, preventing data loss but forcing suspension of testing and halting all server-dependent activities until recovery. Officials confirmed no sensitive student information was compromised during the incident.

Description

The Sugar-Salem School District 322 in Idaho experienced a disruptive ransomware attack during the week of April 23, 2019, which compromised all district servers. The attack was discovered on Tuesday, April 23, coinciding with the administration of ISAT standardized testing across the district. Upon detecting the ransomware encryption, district administrators immediately shut down all affected servers and disconnected district computers as a containment measure. Superintendent Chester Bradshaw confirmed the incident involved ransomware but stated no sensitive student data or personally identifiable information was exfiltrated or permanently lost. The district's swift isolation of systems prevented lateral movement across the network but resulted in widespread operational disruption.

The ransomware incident forced the immediate suspension of ISAT testing, a state-mandated assessment, disrupting academic schedules. All school operations relying on server access—including administrative functions, digital learning tools, and file storage—ceased until systems could be restored. The district did not publicly disclose the ransomware variant, initial attack vector, or whether a ransom demand was made or paid. Recovery efforts focused on restoring systems without compromising data integrity, though the timeline for full restoration remained unspecified. The attack highlighted vulnerabilities in critical testing periods, though the district avoided data loss through prompt containment actions.
