Cyber Incident Victim: Kanawha County Schools
Date: Jan 2017
Location: United States of America
Summary
A West Virginia school district experienced a ransomware attack targeting its internal systems, which disrupted operations but did not compromise personal information according to officials. The district successfully restored affected documents without paying a ransom, though the method of initial intrusion remained unidentified. While the organization asserted no unauthorized data access occurred, external scrutiny questioned the validity of this claim due to potential limitations in monitoring encrypted data transmissions during the incident.
Description
On January 11, 2017, Kanawha County Schools experienced a ransomware attack that compromised their internal document systems. The incident occurred on Wednesday evening, disrupting access to administrative files. School district officials confirmed the attack to local news outlet WSAZ, stating that no personal information belonging to students, staff, or other individuals was accessed during the breach. The district successfully restored all affected internal documents following the attack, though the restoration timeline and specific technical methods used were not disclosed. Officials emphasized that the district did not pay any ransom to the attackers, despite the ransomware's encryption of their systems. The attack vector remained unidentified at the time of reporting, with no public explanation of how the threat actors initially infiltrated the network. No additional disruptions to educational operations or other critical systems were reported beyond the internal document systems.

The ransomware incident primarily impacted administrative functions reliant on the compromised internal documents, though the exact duration of system unavailability was not specified. District representatives maintained that the restoration process fully recovered all affected files without permanent data loss. While asserting no unauthorized access to sensitive personal information occurred, the district provided no forensic evidence or methodological details supporting this conclusion. The attack prompted internal investigations, but findings regarding the intrusion's origin or the attackers' identity were not disclosed publicly. Cybersecurity measures implemented post-incident were not described in available reports. The district's restoration efforts concluded without further ransomware-related disruptions as of the last public update.
