Uvalde school district says ransomware attack forcing closure until Thursday

A ransomware attack has forced the public school district in Uvalde, Texas, to shut down for most of the week as officials attempt to restore systems. 

The Uvalde Consolidated Independent School District serves about 5,000 students in Uvalde County as well as parts of Zavala and Real counties. 

Anne Marie Espinoza, chief of communications for the school district, said on social media this weekend that they are dealing with a “significant technology incident.”

“Ransomware has been detected within our district’s servers, severely affecting access to essential systems like phones, AC controls, camera monitoring, visitor management, Skyward, and more,” she said.

The district was home to Robb Elementary School, which suffered a shooting in 2022 that led to the deaths of 19 students and two teachers. Robb Elementary was eventually demolished and the district built a new school on the same site. 

“These systems are crucial for the safety and security of our schools. The incident has been reported to the FBI, our insurance cybersecurity team, and other relevant agencies,” Espionza added. “A comprehensive investigation is underway to uncover the source of the malware and assess whether any sensitive information has been compromised. Completing these investigations is essential before we can start recovering our systems.”

Espinoza said the school district will be closed from Monday to Thursday and the days will be swapped with other “non-working” days on the school calendar. The school’s website is down as of Monday afternoon. 

Southwest Texas College added that dual credit courses offered through Uvalde High School will be temporarily paused until the district resumes classes.

Espinoza did not respond to questions about what group is behind the attack. No ransomware gang has taken credit as of Monday. The district is only a few weeks into the new school year, complicating the situation.  

Dozens of cities, counties and states are struggling to recover from similar recent incidents.  

Over the last week, cities in North Carolina and Ohio announced devastating cyberattacks that are impacting government services, utility payments and more. Governments in Nevada, Minnesota, Maryland, Ohio and Texas confirmed ransomware attacks or cyber incidents that exposed citizen data and damaged critical state functions over the last month.

Multiple states have criticized federal officials for pulling back on their cybersecurity support for state and local governments. Federal agencies cut support for the Multi-State Information Sharing and Analysis Center — a relied-upon resource for cyber threat monitoring and mitigation — and pared back other resources for cash-strapped municipalities. 

The Major County Sheriffs of America, National Association of State Chief Information Officers, National Association of Counties, United States Conference of Mayors and National League of Cities came together last month to urge Congress to reinstate federal funding for MS-ISAC.

In 2024 alone, MS-ISAC’s services helped states identify and prevent more than 59,000 potential malware and ransomware attacks to state and local endpoints, the letter explained. 

“Without federal funding, our members will be left to combat foreign cyber and multidimensional threats on their own. The loss of federal funding will create significant vulnerabilities for rural and small communities that often lack the resources to manage cybersecurity threats independently,” the organizations said in a letter to House and Senate leaders. 

“It will lead to gaps in critical security services, making state and local governments more susceptible to cyberattacks, undermining public trust and safety. In short, without MS-ISAC's services, many of its members will not be able to maintain the security of their public services.”