Ransomware gang demands $2 million from Tennessee school district after cyber attack

Ransomware gang Rhysida today claimed responsibility for a cyber attack on Rutherford County Schools in Tennessee.

Rutherford County Schools on December 1 confirmed it was the target of a cyber attack that occurred on November 25, 2024.

The district’s website says, “Rutherford County Schools recently became aware of a network disruption affecting its systems. We promptly launched an investigation into the nature and scope of the event. We are working diligently to investigate the source of the disruption, confirm its impact on our systems, and restore full functionality to our systems as soon as possible.”

Rhysida gave the district seven days from the date of the attack to pay 20 bitcoin in ransom, worth more than $2 million at time of writing. It posted scans of what it says are stolen RCS documents to prove its claim. If RCS didn’t pay, Rhysida threatened to sell the stolen data to the highest bidder and refused to restore infected systems.

The school district has not verified Rhysida’s claim. We don’t yet know what data was compromised, if RCS paid a ransom, or how attackers breached the district’s network. Comparitech contacted Rutherford County Schools for comment and will update this article if it responds.

Who is Rhysida?

Rhysida is thought to have ties to the ransomware group Vice Society and first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected systems.

Rhysida claimed 65 confirmed ransomware attacks since it began, compromising more than 4 million records. Its average ransom is $1.3 million.

Rutherford County isn’t the first school district hit by Rhysida. The group recently launched successful attacks against Henry County Schools (TN), the Vermilion Parish School System (LA), Granite School District (UT), and Fyle coast Academy Trust (UK).

Ransomware attacks on US education

Ransomware attacks on schools can lock down computer systems and steal confidential information stored on them. The attackers then demand a ransom in exchange for a key to unlock the infected systems and for not selling or publishing the stolen data. If they don’t comply, schools can lose their data, spend months restoring their systems, and put their staff and students at risk of identity theft. The ransomware can affect access to student grades, staff payroll, library loans, lunch payments, and internet access in general.

Comparitech researchers logged 65 confirmed ransomware attacks on US schools, universities, and other educational institutions in 2024 so far, plus another 67 attackers that haven’t been acknowledged by targets.

Other recent ransomware attacks on schools include those against Greater Lawrence Technical School (MA), Elwood Community School Corporation (IN), Marietta City Schools(GA), Highland Park Independent School District (TX), and Wayne-Westland Community Schools (MI).

About Rutherford County Schools

Rutherford County Schools is a school district based in Murfreesboro, Tennessee. It enrolls nearly 50,000 students in pre-school through 12th grade and consists of 27 elementary schools, 13 middle schools, 11 high schools, and three other schools.