Two U.S. school districts hit with ransomware attacks this week
- Sam Sabin, author of Axios Codebook

Illustration: Sarah Grillo/Axios
School districts in Tucson, Arizona, and Nantucket, Massachusetts, are responding to ransomware attacks on their networks this week — with at least one district canceling classes as it mitigates the impact.
Driving the news: Schools in Nantucket are closed Wednesday as the district works to understand the scope of a ransomware attack that hit their computers.
- The district also ended the school day early on Tuesday after the attack compromised the school system's computers, according to the Nantucket Current.
- The Tucson Unified School District — the largest school district in southern Arizona — said Tuesday night that it's been responding to a "data security incident" since Monday, but that schools are still "fully functioning." Local news reports indicate the incident is a ransomware attack.
The big picture: Schools have been near constant ransomware targets for years due to IT budget constraints and a lack of dedicated resources.
- The Cybersecurity and Infrastructure Security Agency released a plan last week to help K-12 schools strengthen their cybersecurity regimes, accounting for the resource and budget hurdles districts tend to face.
By the numbers: Nantucket Public Schools is the fifth school district to be struck by ransomware this month, according to Emsisoft threat analyst Brett Callow.
- Emsisoft estimates that 45 schools districts contended with ransomware in 2022.
Details: Ransomware gang Royal is likely behind the attack in Tucson, according to a copy of the ransom note obtained by local TV station KOLD News. But it's still unclear who is behind the Nantucket schools attack.
- In Nantucket, the district has told staff and students not to use any school-issued devices because "they could compromise home networks," the Nantucket Current also reported. The district has more than 1,700 students.
- In Tucson, most administrative staff worked from home earlier this week after the attack crashed school WiFi networks, per the Arizona Republic.
Sign up for Axios’ cybersecurity newsletter Codebook here.