Belgrade School District in Belgrade, Montana, is restoring systems after malware disrupted technology in early April, affecting routine school functions while a review of possible data exposure continues.
The district said the malware had been removed, but restoration work is expected to continue into June as cybersecurity experts review whether personal information was involved. Belgrade School District No. 44 serves more than 3,200 students across five schools in Gallatin County, according to federal district data.
The district notified families April 6 that it had “recently experienced technology issues affecting certain systems” in its network and was working to repair systems safely, Belgrade News reported. Parents later told MTN News the problems affected school operations, including lunch processing and assignments.
Trustees authorized $750,000 on April 17 for network security and restoration services related to the incident, according to Belgrade News. The approval prompted community speculation that the money was for a ransom, but Superintendent Dede Semerad said the funds were for restoring system functionality and preventing future incidents.
The district said May 18 that its review of the Belgrade malware incident had not found evidence of unauthorized access to Infinite Campus, its cloud-based student information system. Officials said they were still reviewing whether information in other district systems may have been affected.
In a May 19 statement, the district attributed the technology problems to malware affecting some systems in its network environment, according to NonStop Local. Officials said the district initiated incident response protocols, isolated affected systems and worked to secure, restore and stabilize the network after discovering the issue.
The district has not publicly confirmed ransomware, a ransom demand or a threat actor. It said it would directly notify affected people if its review determines that personal information related to students, staff or others was involved.
Semerad told MTN News the district was still in the investigation and restoration stages and did not have a final cost for the technology issues. She said the district was working with its insurance carrier on possible coverage.
The district has not responded to questions from DysruptionHub about when the malware was discovered, when disruptions first began, what systems remain affected, whether ransomware has been ruled in or out, whether a threat actor or ransom demand was identified, whether law enforcement was notified and whether any data was accessed or removed.
The Belgrade incident follows a series of disruptive K-12 cyber events this spring, including Wagon Mound Public Schools in New Mexico, which shut down internet access and computers in March after a virus infection, and Delano Public Schools in Minnesota, which canceled classes in May after its network was compromised.
Major unresolved questions include the exact date the malware was discovered, which systems were affected, whether data was accessed, the final recovery cost, whether law enforcement is involved and when all services will be fully restored.