The Huntsville City Schools system in Alabama has been targeted by ransomware operators, causing them to shut down schools for the remainder of the week and probably next week.

With almost 24,000 students, 2,300 teachers, and thirty-seven campuses, the Huntsville City Schools district is the sixth-largest school district in Alabama. The school district provided both in-school education and a complete online learning environment because of the COVID-19 pandemic.

On November 30, just as students returned from Thanksgiving break, after a cyber attack interrupted their IT processes, the school district held an early dismissal of students.

The district demanded that all district-issued devices be shut down and remain off unless otherwise informed to prevent the ransomware from spreading to devices loaned to students and faculty.

“Students, families, and faculty and staff members should shutdown their district-issued devices and ensure the devices remain off until further notice. Additionally, stakeholders should avoid logging on any HCS platforms at both school and home,” Huntsville City Schools district stated in a message to parents.

Soon after the district of Huntsville City Schools admitted that it was a ransomware attack and that they were forced to shut down schools while they recovered for the remainder of the week and probably into next week.

Families have been warned to be wary of any emails demanding student information from the Huntsville City Schools district as it may be phishing attacks from the actors of the ransomware threat.

“Families will not receive any district correspondence requesting their student’s name or personal information. HCS encourages families to be extremely cautious in sharing personal information with anyone.  Avoid opening any emails and do not click on any links from unfamiliar email accounts,” the district warned.

Some parents raised concerns about whether student information was compromised because ransomware gangs usually steal unencrypted data before encrypting devices.

“You guys need to be extremely transparent with this process and we need to know exactly what info was compromised on your servers and how it was achieved,” a parent posted to Facebook.

It is not known at this time what ransomware operation is responsible for the attack.