Rutherford County Schools Targeted in Two Unacknowledged Ransomware Attacks
In late 2024, Rutherford County Schools (RCS) in Murfreesboro, Tennessee, suffered two ransomware attacks, first by the BlackSuit group on October 19, and then by the Rhysida group on November 25. The BlackSuit attack compromised over 3,500 files containing sensitive employee and student data, yet it was never publicly acknowledged by the district. Similarly, the Rhysida attack was initially referred to only as a “network and systems disruption” until the hacker group issued a public ransom demand of 20 Bitcoin (approximately $2 million) on December 11. After the district declined payment, Rhysida leaked stolen information, including Social Security numbers and passports, exacerbating the crisis for affected individuals.
The district’s response to these attacks has drawn criticism for its lack of transparency, which some argue delayed protective measures for employees and families. While RCS has involved third-party cybersecurity experts and the Tennessee Bureau of Investigation (TBI), the public was not informed of the true nature of either attack until external parties revealed details. Critics contend that the district’s hesitancy to fully disclose the scope of these breaches undermines trust and may have put individuals at greater risk of identity theft. As the investigation continues, RCS has emphasized its commitment to restoring systems and notifying impacted individuals, but the dual incidents underscore the importance of proactive communication and robust cybersecurity practices in the education sector.