Providence Public School District Confirms Ransomware Attack After Week of Network Disruptions
The Providence Public School District (PPSD) in Rhode Island confirmed on September 18, 2024, that it had been targeted by a ransomware attack, allegedly carried out by the Medusa cybercriminal group. The attack occurred on September 11, initially described by the district as a "technical issue" on September 12. After a week of network disruptions, PPSD admitted to the ransomware incident, with Medusa demanding a $1 million ransom and claiming to have stolen 201.4 GB of sensitive data, including personal, financial, and educational records. The attack has affected internet services across all 37 schools, impacting over 20,000 students, though schools remain open using offline resources.
The district released the following statement:
The Providence Public School District has experienced a network security breach, and the school board intends to address it with urgency. This evening, we will meet in executive session to learn from the superintendent how the breach occurred, what steps are being taken to resolve it, and how we’re supporting students and families during the outage. We also want to learn what liability resides with our network security vendor and what measures are being taken to ensure this doesn’t happen again. We want to thank our PPSD community for their patience during this time.
Medusa exploited a vulnerability in Fortinet’s software, continuing a wave of ransomware attacks on educational institutions. PPSD has engaged the FBI, state police, and Homeland Security in the investigation, though the full extent of the breach remains unclear. While the district provided hotspots for essential operations, teachers and students—particularly seniors working on college applications—have voiced frustration. Lawmakers have called for more transparency, as PPSD continues to manage the fallout with no clear timeline for full restoration of network services.