Cyber Incident Victim: Addison Northwest School District
Date: Jan 2025
Location: United States of America
Summary
A ransomware attack targeted the Addison Northwest School District, disrupting operations by locking access to servers and shutting down internet services across all district schools and offices. The incident prompted immediate activation of response protocols, including system isolation, engagement with cybersecurity professionals, and FBI involvement due to their familiarity with the threat actor. While restoration efforts using backups are underway, the extent of compromised data remains undetermined. District leadership emphasized transparency and ongoing community updates while prioritizing data security assessments once systems are restored. The attack mirrors previous ransomware incidents affecting Vermont educational institutions, highlighting regional vulnerabilities to such cyber threats.
Description
On January 7, 2025, the Addison Northwest School District (ANWSD) identified a cybersecurity incident that disrupted operations across all three district schools and its central office. Superintendent Sheila Soule confirmed the incident as a ransomware attack that locked district officials, teachers, and employees out of servers and shut down internet services. The attack prevented access to critical systems, though the district did not immediately confirm the scope of compromised data. Upon discovery, ANWSD activated its incident response protocols, which included isolating affected systems, engaging cybersecurity professionals, and notifying law enforcement agencies, including the FBI. The FBI participated in the investigation due to familiarity with the specific threat actor involved but could not provide a decryption key to unlock the servers. Soule stated the district would restore servers from backups, though the process would require significant time. Similar ransomware incidents have occurred in Vermont, including a 2020 attack on the University of Vermont Medical Center and a late 2023 attack on the Milton Town School District.

ANWSD communicated updates to staff and families via email on January 7 and January 8, emphasizing transparency while acknowledging limited initial details. Superintendent Soule’s initial email outlined precautionary recommendations for monitoring financial accounts, phishing attempts, and unauthorized logins, though no confirmed data breaches were disclosed at the time. A follow-up email on January 7 at 5:30 p.m. reiterated that the attack targeted district servers, leaving systems inaccessible until restoration. The district prioritized assessing potential data compromise after server recovery and pledged further updates as the investigation progressed. Operational impacts included prolonged system downtime, with no confirmed timeline for full restoration. Soule emphasized the district’s commitment to safeguarding student, family, and employee data throughout the response, aligning with Vermont’s broader experience with ransomware threats targeting educational and healthcare institutions.
