Ransomware gang says it hacked a South Carolina school district

Ransomware gang Medusa yesterday claimed responsibility for a cyber attack earlier this month at Laurens County School District 56 in South Carolina.

Medusa gave the school district two weeks to pay a $320,000 ransom, or else it threatens to sell or release 2.4 TB of the school’s private data. To prove its claim, Medusa posted a sample of images that it says are documents stolen from the district.

District 56 has not verified Medusa’s claim. We do not yet know if the school district did or will pay a ransom, what data might be compromised, or how attackers breached the district’s network. Comparitech contacted Laurens School District 56 for comment and will update this article if it replies.

Superintendent David O’Shields on February 3, 2025 notified staff and families that the district had suffered a security breach.

“We have confirmed that there has been a security breach affecting our computer systems. The impacted systems are still being identified,” the notice states. “As a precaution, students are not to use any electronic devices on our campuses.”

Who is Medusa?

Medusa is a ransomware gang that first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once for not selling or publishing stolen data.

Since the start of 2023, Medusa claimed 114 confirmed ransomware attacks compromising nearly 2.5 million records. Its average ransom is $687,000.

Medusa’s other recently confirmed victims include the UK’s HCRG Care Group, from which the gang demanded $2 million last week.

Medusa has claimed 46 unconfirmed ransomware attacks so far this year that have not been acknowledged by the targeted organizations.

Ransomware attacks on US education

Ransomware attacks on schools and other education facilities can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Ransomware attacks are often two-pronged: they lock down systems and steal data. A school that refuses to pay can face extended downtime, lose data, and put students and faculty at increased risk of fraud.

In 2025 so far, Comparitech researchers logged six confirmed ransomware attacks on US schools, colleges, and universities. Some recent such attacks include:

• Oral Roberts University is notifying students of a December 2024 ransomware attack claimed by Rhysida, which demanded $1.6 million. The compromised data included Social Security numbers.
• Addison Northwest School District suffered a ransomware attack in January
• University of Oklahoma suffered a ransomware attack in January
• Harrison County, WV Board of Education suffered a ransomware attack in January claimed by SafePay
• Aurora, CO Public Schools suffered a ransomware attack in January
• Jefferson School District 251 suffered a ransomware attack in February

About Laurens County School District 56

District 56 is a public school district in Laurens County, South Carolina that enrolls 2,827 students as of 2020. Its schools include:

• Clinton Elementary School
• Clinton High School
• Clinton Middle School
• Eastside Elementary School
• Joanna-Woodson Elementary School
• M.S. Bailey Child Development Center