Image: Ivan Aleksic

Ransomware group claims attack on Wisconsin school district

A ransomware group took responsibility for a cyberattack on a school district in Wisconsin serving nearly 20,000 students. 

The Snatch ransomware group added the Kenosha Unified School District to its list of victims on Sunday morning but did not say how much data was stolen during the attack or what kind of files were taken.

The school district did not respond to requests for comment but on September 29, officials published a notice about a cyberattack that began on September 25. 

The school district said it notified staff and families that it “proactively took certain portions of its network offline after it experienced a cybersecurity incident.”

They contacted law enforcement and hired a cybersecurity firm to investigate the incident. The school eventually brought systems back online and said it would review the incident to “mitigate any potential impact to data.”

The incident comes as U.S. government agencies seek to beef up security around K-12 schools after dozens of high profile attacks throughout 2022 — including a headline grabbing ransomware attack on one of the country’s largest school districts

Last week, Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly said that over the next year they will focus efforts on improving the digital defenses of three critical infrastructure sectors, one of which was the nation’s K-12 schools. 


On Monday, the U.S. Government Accountability Office published its own report on the impact of cybersecurity incidents affecting K-12 schools. 

“Officials from state and local entities reported that the loss of learning following a cyberattack ranged from 3 days to 3 weeks, and recovery time ranged from 2 to 9 months,” the report found.

GAO officials said the Secretary of Education and CISA need to establish a collaborative mechanism to coordinate cybersecurity efforts between agencies and with the K-12 community.

They urged the Education department to develop metrics for the effectiveness of K-12 cybersecurity-related products and services as well as coordinate with federal agencies on ways to “best to help school districts overcome the identified challenges.”

The GAO also provided similar recommendations to CISA, asking that the agency determine the extent to which the agency “meets the needs of state and local-level school districts to combat cybersecurity threats.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.