Cyber Incident Victim: Rockingham County Schools
Date: Dec 2017
Location: United States of America
Summary
A school district suffered a severe network outage after several employees opened phishing emails carrying a malicious Microsoft Word attachment labeled "INCORRECT INVOICE"; opening the attachment installed the Emotet malware. The infection forced a complete shutdown of the district's computer and internet systems, and roughly 20 physical and virtual servers had to be rebuilt by hand under a $314,000 emergency service contract. Officials reported no evidence that personal data was taken, but the incident knocked out the district's operational infrastructure for an extended period: the impact was to availability rather than confidentiality.
Description
On December 11, 2017, Rockingham County Schools experienced a significant cybersecurity incident when multiple employees opened phishing emails carrying a malicious Microsoft Word attachment titled "INCORRECT INVOICE." Opening the attachment installed Emotet malware on the school district's computer systems. The malware spread quickly through critical infrastructure, and the district shut down its entire computer network and internet service to contain it. Emotet is a modular loader known for propagating across a network and retrieving further payloads, which is consistent with the breadth of the compromise, though the available reporting does not say whether any follow-on payloads were delivered here. Remediation was extensive: approximately 20 physical and virtual servers were identified as compromised and had to be rebuilt manually because of the extent of the damage. District operations were severely disrupted, but officials stated they had found no evidence of unauthorized acquisition or exfiltration of personal information.

In response, Rockingham County Schools convened an emergency board meeting shortly after the compromise was discovered. At that meeting, held on the Wednesday following the December 11 attack (the exact date is not given in the available reporting), the board voted 7-1 to approve a 12-month, $314,000 service contract with Atlanta-based ProLogic ITS, pending legal review. This contract was the district's primary recovery measure for repairing the damaged infrastructure. The incident carried substantial operational and financial costs and required the district's core systems to be rebuilt from scratch, although no evidence of permanent data loss or theft was reported.
