Cyber attack that shut down schools in New Mexico claimed by ransomware gang

Ransomware gang Interlock today claimed responsibility for a February 2025 cyber attack on the Aztec Municipal School District in New Mexico.

The school district announced a network outage on February 24, 2025 forced schools to cancel classes. It reopened on March 3, 2025, but as of time if writing, the district is still recovering systems and restricting access to the network from external computers.

“We regret to inform you that an unforeseen network outage has significantly impacted our ability to operate safely and effectively. As a result, we must close school for the day, 2/24/2025 to assess the situation and develop a plan for moving forward,” the district said in a February 23 Facebook post.

Interlock says it stole 1.3 TB of “financial and tax disclosure materials, employee and student data, and more.” To prove its claim, the cybercriminal group posted images of what it says are documents stolen from the school district.

Aztec Municipal School District has not verified Interlock’s claim. We do not yet know what data was compromised, if the district paid a ransom, how much Interlock demanded in ransom, or how attackers breached the district’s network. Comparitech contacted district officials for comment and will update this article if they reply.

“During the outage, Aztec Schools experienced a loss of network connectivity to our door security systems. To maintain the safety of our schools, we implemented temporary measures to secure all doors,” says a March 4 post on the district’s Facebook page.

Who is Interlock?

Interlock is a new ransomware gang that first started adding targets to its leak site in October 2024. The group claimed eight confirmed attacks to date, plus 10 more unconfirmed claims that haven’t been acknowledged by the targeted organizations.

In 2024, Interlock claimed responsibility for attacks on Winnebago Public Schools and the Texas Tech University Health Sciences Center.

The attack on Aztec Schools is the group’s first confirmed attack claim of 2025.

Ransomware attacks on US education

Comparitech researchers have logged 10 confirmed ransomware attacks on US schools, colleges, and other education institutions so far in 2025. Since February, we recorded attacks on Laurens County School District 56 in South Carolina, Williamsburg-James City County Schools in Virginia, Riverdale Country School in New York, and Penn-Harris-Madison School Corporation in Indiana.

Ransomware attacks on schools and other education facilities can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Ransomware attacks are often two-pronged: they lock down systems and steal data. Schools that refuse to pay can face extended downtime, lose data, and put students and faculty at increased risk of fraud.

About Aztec Municipal School District

In the northwest corner of New Mexico, Aztec Schools consists of three elementary schools, one middle school, and two high schools. It enrolls more than 2,800 students and employs more than 350 staff, according to the district’s website.