Cyber Incident Victim: Leominster Schools District

Date: Apr 2018

Location: United States of America

Summary

A Massachusetts school district fell victim to a ransomware attack that encrypted its computer systems, forcing administrators to pay a $10,000 Bitcoin ransom to regain access. The cyberattack locked employees out of critical systems, including district email services, prompting temporary reliance on personal Gmail accounts for communication. Following negotiations with the hackers, the district received partial decryption keys as proof before transferring the cryptocurrency payment. Interim police leadership advised cooperating with the extortionists due to the perceived impossibility of tracing the internationally based perpetrators, ruling out a criminal investigation. While awaiting full system restoration, officials acknowledged support from multiple law enforcement agencies but confirmed no data theft occurred beyond the encryption-based lockdown.

Description

On April 14, 2018, the Leominster Public Schools in Massachusetts experienced a ransomware cyberattack that encrypted the district’s computer systems, rendering critical files inaccessible. The attack occurred on a Saturday, immediately locking school employees out of their primary systems and disrupting district operations. Hackers demanded payment in Bitcoin to decrypt the files, initiating a negotiation process with district officials. Interim Leominster Police Chief Michael Goldman confirmed the attack involved “straight up decryption” without data mining, indicating no evidence of stolen information. The district’s email system was disabled, forcing staff to rely on personal Gmail accounts for communication. Superintendent Paula Deacon publicly acknowledged the incident, stating the district agreed to pay a negotiated ransom after assessing recovery options.

The district paid $10,000 in Bitcoin to the attackers, following advice from Chief Goldman, who deemed tracing the internationally based hackers “impossible.” Before payment, the hackers provided passwords to unlock select files as proof of their decryption capability. After transferring the funds, the district awaited full system restoration, though the timeline remained unclear. Goldman emphasized no criminal investigation was pursued due to the impracticality of identifying overseas perpetrators. Deacon thanked local, state, and federal authorities for support but did not disclose specific operational impacts or recovery steps. The incident highlighted reliance on cryptocurrency for extortion and the challenges of mitigating such attacks without guaranteed file recovery.
