Ransomware hits school district outside Tulsa, Oklahoma

Administrators say they are refusing to pay ransom demands after a cyberattack locked up critical systems used by the K-12 district.
red keyboard typing
Getty Images

A school district in northeastern Oklahoma has become the latest victim in a growing trend of ransomware attacks targeting schools, universities and local governments.

Administrators of Broken Arrow Public Schools, a Pre-K-12 district of 27 schools outside Tulsa, published a notice on its website Thursday notifying parents it had “recently been experiencing network and server issues,” and that it had confirmed that a ransomware attack was the root cause of the service interruption.

The district said it is now working with cybersecurity experts who had been retained previously through agreements made by its Board of Education. The district said it’s notified the FBI of the attack and does not plan to pay the ransom.

Neither the type of ransomware nor the ransom amount have been disclosed. Ransom demands have ranged widely in amount since the first attacks appeared in 2013 — from a few hundred dollars to hundreds of thousands of dollars. Ransoms are typically requested in the form of cryptocurrency and have recently climbed in dollar amount as attackers target larger organizations with more sophisticated suites of malware that are trickier to remove.


A city in Florida paid its ransomware attackers $600,000 to regain access to its systems. Targets of two of the most prominent ransomware attacks — the city governments of Baltimore and Atlanta — each refused to pay, which is the course of action recommended by the U.S. Conference of Mayors, the FBI and the U.S. Department of Homeland Security. Though they didn’t pay their ransomers, they paid in a different way, as each city wound up incurring recovery expenses topping $17 million.

There have been approximately 200 ransomware attacks made public since 2013.

For Broken Arrow Public Schools, which did not respond to EdScoop’s request for additional information, the cyberattack appears to have had minimal impact on daily activities. “We are not aware of any unauthorized disclosure of student personal data or financial information,” the district’s statement says. And, the statement continues, the school year will begin on Aug. 21, as scheduled.

Latest Podcasts