Wagon Mound Public Schools, a tiny PK–12 district in Mora County in northeastern New Mexico that serves about 70 students, took its internet and networked computers offline after Superintendent Anita Romero told families the system was “infected with a virus” that shut down access across the network.
In a message posted March 3, Romero said the disruption began “this past Thursday,” indicating the network was affected around Feb. 26. Romero, who is listed by the district as superintendent and principal, said the district notified its insurance company and that response work was underway to restore systems.
She said staff and student computers would be collected and scanned, adding that “no one is allowed on the internet and computers” while remediation continues, signaling a broad technology shutdown affecting day-to-day operations.
The district said it would provide updates as more information becomes available. Officials have not publicly said whether investigators found evidence of an intrusion, ransomware, or data theft, or when full service would be restored.
The district did not respond to an email from DysruptionHub seeking comment.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
A listing on the ransomware tracking site Ransomware.live says the ransomware group Interlock posted Wagon Mound Public Schools as a victim on March 9, 2026, and alleged it obtained about 80GB of data, including staff and student information. The district has not publicly confirmed a ransomware demand or any data theft.
No prior confirmed cyber incidents involving Wagon Mound Public Schools were immediately found in widely available public reporting. The case also follows a broader pattern of New Mexico K–12 disruptions where early descriptions of “network” or “virus” problems are later clarified after forensic reviews.
In Carlsbad, ParentSquare updates in late October 2025 described phone and internet outages, with phased restoration and later public criticism from union leaders about transparency as the school board discussed “network security and operability” in closed session. In Aztec, officials cited disruptions to campus security systems and communications during a weeklong outage in February 2025 and did not publicly confirm a cyberattack, though Interlock later claimed responsibility. And in Gadsden, the district said a ransomware attack hit at the start of the 2024-25 school year, told staff to power down devices, and said student devices were not affected and it saw no initial signs of compromised data.
If the Interlock claim is substantiated in Wagon Mound, the district could face notification decisions depending on what information was accessed. Families can expect future district updates to clarify what systems were affected, when services will be restored, and whether any personal information was involved.
