Cyber Incident Victim: Goshen Central School District
Date:
Jul 2024
Location:
United States of America
Summary
The Goshen Central School District experienced a ransomware attack that disrupted computer systems, disabling phones and email communications. Cybersecurity experts and law enforcement were engaged to investigate the source and implement remediation efforts while the district maintained in-person operations. Temporary contact numbers were established for key departments including transportation, registration, and school offices to facilitate community communication. Summer programs continued with adjusted locations, including relocating some activities to external facilities, while transportation details were coordinated separately. Recovery teams worked to restore network functionality and provide ongoing updates throughout the incident response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Goshen Central School District discovered a ransomware attack late on July 10, 2024, which disabled critical operational systems including computer services, phone lines, and email communications. Superintendent Dr. Kurtis Kotes publicly confirmed the cyberattack on July 11, notifying parents that district officials had immediately engaged cybersecurity experts and law enforcement to investigate the incident's origin and initiate recovery procedures. Despite the widespread technical disruptions, all district schools and administrative offices remained physically accessible for in-person interactions, with summer programming continuing as scheduled under modified conditions. The Extended School Year Program maintained its original location in the Main Street Administration Building, while the Summer Academy—scheduled to begin the following week—relocated to the Orange-Ulster BOCES Career and Technical Education Building on Gibson Road due to ongoing system outages. Transportation logistics for relocated programs were communicated separately to affected families.
By July 12, the district's disaster recovery team was actively working to restore network functionality, though progress remained limited during initial remediation efforts. Temporary communication protocols were established to maintain community contact, with plans announced to distribute provisional phone numbers by July 15. Specific department extensions became operational through a centralized phone system using (845) 615- prefixes, as detailed in a July 18 update that provided direct lines for administrative offices, transportation services, and individual school buildings. Throughout the eight-day recovery period, district leadership issued four public updates documenting containment measures and operational workarounds, emphasizing continuity of educational services despite persistent technological limitations. No data theft or instructional disruptions were reported beyond the compromised communication infrastructure and temporary relocation of one summer program. Restoration efforts remained ongoing as of the latest communication on July 18, with no confirmed timeline for full system recovery.