Haywood County Schools

Haywood County Schools, also known as Haywood School District, operates as an educational institution within the United States. Its primary function involves providing K-12 education services to students residing within Haywood County, North Carolina. The district manages multiple schools and administrative facilities, delivering standard public education curricula and associated support services to its community. Core operations include classroom instruction, student enrollment and records management, staff administration, and facilitating remote learning capabilities. As a public school district, it handles significant volumes of sensitive personal information pertaining to both students and employees as part of its daily functions.

The district experienced a significant cybersecurity incident on August 24, 2020, when it was targeted by the SunCrypt ransomware group. Attackers successfully infiltrated the network, exfiltrating unencrypted data containing sensitive staff and student information before deploying ransomware encryption across devices using a PowerShell script distributed from the domain controller. This attack forced a complete shutdown of the district's network infrastructure, resulting in the temporary suspension of remote learning activities. Following the district's refusal to pay the ransom demand, the threat actors publicly leaked a 5GB archive of the stolen personal and institutional data. Forensic investigations confirmed the data breach occurred but were unable to definitively ascertain the full scope of the exfiltrated information. The encryption deployed by SunCrypt proved irreversible without the attackers' decryption key, leading to persistent partial system disruptions even after remote instruction was eventually restored.