Cyber Incident Victim: Lake Oswego School District

Date: Jul 2020

Location: Russia

Summary

The Moses Lake School District, comprising 16 schools, suffered a ransomware attack originating from a phishing email sent from an IP address in Moscow, Russia. The attackers demanded a $1 million ransom, which the district refused to pay. The incident compromised data integrity and confidentiality, leading to the rebuilding of over 50 servers and PCs using backups. The attack disrupted the district's operations, forcing it offline for more than two weeks.

Description

The Moses Lake School District, encompassing 16 schools in Washington, experienced a disruptive ransomware attack in July 2020. The incident began when a phishing email containing malicious content reached district systems. Forensic analysis traced the attack’s origin to an IP address located in Moscow, though no specific threat actor group was identified in available reporting. The ransomware encrypted critical infrastructure, rendering systems inaccessible and forcing the district offline. Administrators discovered that the attackers demanded a $1 million ransom payment to restore access to the encrypted data. District leadership declined to negotiate with or pay the ransom demand, opting instead to rely on internal recovery processes.

The district’s recovery efforts involved rebuilding more than 50 affected servers and workstations over a period exceeding two weeks. Restoration relied exclusively on backup data, with some backups being up to five months old at the time of the attack. This restoration timeframe resulted in prolonged operational disruptions across academic and administrative functions. No confirmed data exfiltration or student information compromise was disclosed in the examined source material. The incident underscored infrastructure vulnerabilities associated with phishing vectors and highlighted the operational consequences of dependency on outdated backups during cyber recovery scenarios. The district resumed normal operations after completing system restoration without fulfilling the attackers’ financial demands.
