Cyber Incident Victim: South Knox School Corporation
Date:
Oct 2019
Location:
United States of America
Summary
The South Knox School Corporation experienced a ransomware attack that infected approximately 50 of its over 400 computers, disrupting operations late on a Friday afternoon. All affected servers were successfully restored following the incident, with recovery efforts led by the district's administration. The malware outbreak caused temporary system-wide disruptions but did not compromise broader network infrastructure beyond the initially impacted devices. Superintendent Tim Grove confirmed the containment and restoration process, noting no additional operational interruptions beyond the initial infection scope.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 11, 2019, South Knox School Corporation (SKSC) experienced a ransomware attack that disrupted its operations late on a Friday afternoon. The malware infected approximately 50 of the corporation’s 400 computers, compromising a portion of its digital infrastructure. The incident forced SKSC to initiate recovery procedures to address the encryption of systems by the virus. Superintendent Tim Grove publicly confirmed the scope of the infection, emphasizing the targeted nature of the attack relative to the total number of devices. The ransomware’s activation coincided with the end of the school week, potentially limiting immediate operational disruptions to academic activities. No specific details regarding the ransomware variant, initial attack vector, or demands were disclosed in available reports.
SKSC’s response focused on restoring affected systems, with all servers fully recovered following the incident. The corporation did not report data exfiltration or specify whether student or employee information was compromised during the event. Recovery efforts prioritized server functionality, though the timeline for complete restoration of all 50 infected computers remained unconfirmed. Superintendent Grove’s disclosure provided the primary public account of the incident, with no supplementary technical details or attribution released. The attack highlighted vulnerabilities within the school’s network but resulted in no documented long-term operational or financial consequences beyond the immediate recovery period. SKSC resumed normal operations following server restoration without further public updates regarding residual impacts or security enhancements.