Cyber Incident Victim: Florien High School
Date:
Jul 2019
Location:
United States of America
Summary
A ransomware attack targeted three public school districts in Louisiana, prompting the governor to declare a state of emergency to mobilize National Guard resources and freeze prices of critical services to prevent exploitation. At Florien High School, anomalous bandwidth usage alerted administrators early one morning, leading to the discovery of ransomware that destroyed all data stored solely on district servers, including decades of personal and institutional records. While one affected parish reported minimal operational disruption with payroll and major systems intact, the incident resulted in substantial data loss for other districts. This marked the first activation of Louisiana's Cybersecurity Commission emergency protocols, established to coordinate statewide responses to cyber threats. The declaration aimed to facilitate recovery efforts and investigate the attack's scope, including potential data exfiltration.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 19, 2019, ransomware attacks impacted three Louisiana public school districts, including Florien High School in Sabine Parish. The incident began when Florien High School’s technology supervisor received a mobile alert at 4:00 AM on Sunday, July 14, indicating unusually high bandwidth consumption. Subsequent investigations confirmed ransomware had infected the school’s servers. Principal Eddie Jones reported catastrophic data loss affecting "anything and everything housed solely on the School District’s servers," including 17 years of his personal documents. Simultaneously, the Morehouse Parish school district experienced a ransomware attack, though officials stated their critical systems—including payroll—remained operational, suggesting less severe disruption than in Sabine Parish. This followed an earlier ransomware incident targeting Monroe City school district the previous week. Louisiana Governor John Bel Edwards declared a statewide emergency on July 17, marking the first activation of the state’s Cybersecurity Commission emergency protocols established in 2017.
The emergency declaration mobilized National Guard cybersecurity personnel and resources to assist recovery efforts, mirroring Colorado’s 2018 response model to similar attacks. It also imposed price controls on goods and services within emergency zones to prevent opportunistic rate hikes by IT contractors during the crisis. While the specific ransomware variant and threat actors remained unidentified, the attacks exposed vulnerabilities in centralized server infrastructure, particularly impacting districts like Sabine that relied heavily on local servers for data storage. Governor Edwards framed the response as a test of Louisiana’s self-proclaimed "international leadership in cybersecurity capabilities," though no disclosures regarding data exfiltration or comprehensive damage assessments were provided at the time of reporting. The coordinated attacks underscored systemic risks to educational institutions’ digital infrastructure, prompting unprecedented state-level intervention.