Date: Feb 2020

Location: United States of America

Summary

A ransomware attack targeted Nacogdoches ISD, encrypting and locking files on computers and rendering them inaccessible to users. Attackers were confirmed not to have accessed the information. The district proactively shut down its network to contain the spread, began recovery efforts with external assistance from Microsoft and law enforcement, and reported impacts across all departments. Restoring the computer network was expected to take several days, with work ongoing to identify the virus type and assess the scope of damage to documents and functions.


Description

On February 11, 2020, Nacogdoches Independent School District (NISD) in Texas confirmed it was responding to a ransomware attack affecting portions of its computer systems. District officials discovered the cybersecurity incident that morning when encrypted and locked files rendered some PCs unusable, preventing staff from accessing certain documents and functions. The ransomware encrypted data but did not grant attackers access to sensitive information. NISD immediately shut down its entire network as a precautionary measure to isolate unaffected systems and limit further spread of the malware. While the specific ransomware variant remained unidentified at the time of reporting, the district initiated efforts to verify the extent of compromised files and operational disruptions across departments.

NISD engaged multiple external partners to assist with recovery, including Microsoft and unspecified cybersecurity vendors, while formally notifying the Texas Education Agency and the Federal Bureau of Investigation about the attack. Restoration of the network was projected to take several days due to the complexity of decrypting or replacing affected systems. Les Linebarger, NISD’s Executive Director of Communications, publicly acknowledged the operational inconvenience impacting all district departments but emphasized staff were prioritizing containment and restoring critical functions. The district did not disclose whether ransom demands were issued or paid, nor did it specify initial infection vectors or whether student or employee data was exfiltrated during the incident. Recovery efforts focused on rebuilding systems rather than confirming data integrity at this preliminary stage.
