Cyber Incident Victim: Griggsville-Perry School District
Date:
Jan 2021
Location:
United States of America
Summary
The Griggsville-Perry School District experienced a ransomware attack where hackers encrypted files and demanded payment for their release. In response to the incident, the district canceled classes for two consecutive days and subsequently implemented early dismissals over the following two days, with shuttle buses adjusting schedules to accommodate noon departures. Operational disruptions forced administrators and staff to prioritize resolving the attack's impact while managing shortened instructional time.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Griggsville-Perry School District in Pike County, Illinois, experienced a disruptive ransomware attack in January 2021 that significantly impacted school operations. On January 19 or shortly before, threat actors compromised the district’s systems, encrypting files and demanding a ransom for their release. This incident forced the district to cancel all classes on Tuesday, January 19, and Wednesday, January 20, as administrators and technical staff worked to assess the damage and restore functionality. The attack paralyzed critical systems, though specific details about the ransomware variant, initial attack vector, or scope of encrypted data were not publicly disclosed.
By January 20, the district announced modified operations to mitigate ongoing disruptions. Classes resumed on Thursday, January 21, and Friday, January 22, but with early dismissals at 12:15 p.m. to accommodate continued recovery efforts. Shuttle buses operated on adjusted schedules, departing at noon to align with the abbreviated school day. The early closures followed the two-day shutdown, extending the operational challenges across four consecutive school days. No information was released regarding whether the district paid the ransom, recovered data through backups, or permanently lost information. The incident underscored the vulnerability of educational institutions to cyberattacks disrupting academic schedules and administrative functions.