Ransomware Attack Forces Illinois High School Closure, Disrupts Systems
Evanston Township High School in Illinois has been forced to close its doors and cancel all activities due to a significant ransomware attack that began on Sunday, June 7.
Evanston Township High School (ETHS), located just north of Chicago, announced on Monday that it would remain closed through at least Wednesday, June 10, following a ransomware attack discovered on Sunday. The incident has led to the cancellation of all school activities, including summer school, sports camps, and other on-campus events, impacting students, staff, and the wider community.
In response to the breach, ETHS immediately activated its incident response protocols. The school district has engaged external cybersecurity forensic experts and cyber breach attorneys to assist with the investigation and the complex process of system recovery. The primary goals are to determine the full extent of any data exfiltration and to restore normal operations as swiftly as possible. The Federal Bureau of Investigation (FBI) has also been notified and is cooperating with the ongoing investigation.
The attack has severely disrupted essential communication and operational systems. Phone lines are down, and staff are experiencing limited access to their email accounts. Furthermore, critical online resources used by students and parents, such as the PowerSchool Home Access Center, are currently inaccessible. This points to a potential containment phase where network access is restricted to prevent further spread of the ransomware.
While the school has not directly linked the outage of the PowerSchool Home Access Center to the attack, it is worth noting that PowerSchool itself was at the center of a significant cybersecurity incident in late 2024. The current disruption affects not only student access to academic information but also internal systems like Google accounts and "eSchool," significantly limiting the ability of most staff to perform their duties, even from home.
The education sector continues to be a prime target for cybercriminals. Institutions like ETHS hold vast amounts of sensitive personal and academic data, making them attractive targets for financially motivated attacks. This incident echoes a similar event disclosed just days prior, on June 4, which affected 13 schools in Powys, Wales, where personal data of staff and pupils was accessed.
In the Powys incident, the local council also cited the sensitive nature of the data as a reason for withholding specific details about the breach, including the number of individuals affected and the types of data compromised. While the council did not confirm ransomware as the vector, the impact on "some school systems" and the potential risk of identity fraud suggest a serious compromise.
These attacks underscore a persistent trend of cyber threats targeting educational institutions globally. The sensitive nature of student records, financial information, and personal data makes schools and universities lucrative targets for ransomware gangs and other cybercriminal groups seeking to extort payment or steal valuable information.
As ETHS works to recover and investigate the incident, the broader implications for cybersecurity in the education sector remain a critical concern. The prolonged disruption and potential data exposure highlight the urgent need for robust security measures, regular training, and effective incident response plans to protect these vital community resources.