Cyber Incident Victim: Eastern Hancock Community School Corporation
Date:
May 2021
Location:
United States of America
Summary
Eastern Hancock Schools in Indiana experienced a ransomware attack that disrupted operations, prompting an immediate network shutdown upon discovery to contain the threat. The defensive action resulted in widespread service outages, including loss of phone communications, HVAC control, internet access, and printing capabilities. District officials reported no ransom demand or identified perpetrators at the time of initial reports, while expressing resilience in adapting to the disruption amid ongoing operational challenges. Restoration efforts were anticipated, though confirmation of full service recovery remained pending in available reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Eastern Hancock Schools in Indiana experienced a ransomware attack discovered on the morning of Monday, May 24, 2021, following an intrusion that occurred over the preceding weekend. Upon detection, the district immediately shut down its entire network to contain the attack and prevent further spread. This defensive action resulted in widespread operational disruptions: the district lost phone system functionality, internet access, printer capabilities, and control over HVAC systems. The timing coincided with school operations, though the district anticipated restoring services by the next day (May 25). Superintendent Dave Pfaff publicly confirmed the incident but noted no ransom demand had been received from the attackers at that stage, and their identity remained unknown. The district’s response prioritized containment through network isolation, reflecting standard incident response protocols for ransomware scenarios.
The attack compounded existing challenges faced by the district during the COVID-19 pandemic, as acknowledged by Pfaff, who characterized the incident as “a different kind of punch” amid ongoing adaptations. No data theft or student information compromise was mentioned in initial reports. Local media outlets WTHR and Daily Reporter covered the disruption, but no follow-up confirmation emerged by the article’s publication date (May 22) regarding whether systems were fully restored or if partial outages persisted. The district maintained operational flexibility, continuing in-person schooling despite the technical limitations. No attribution, malware specifics, or financial impacts were disclosed in available sources.