STARKVILLE – A data breach that has crippled Starkville-Oktibbeha Consolidated School District’s network appears to be a ransomware attack, according to online sources.
The district is listed under recent data breaches that have been discovered by Breachsense, a company that monitors dark web and criminal marketplaces to find data breaches. The breach was discovered Dec. 30, and is attributed to a cybercrime group called SafePay, according to the listing. The group first surfaced in October 2024 and has targeted public entities and businesses across the globe, including two other K-8 school districts in December, according to Breachsense.
In a ransomware attack, cybercriminals infect the targeted computer system with malware that encrypts the data, effectively locking the user out. Then the attackers demand a ransom be paid in exchange for a decryption key, often threatening to release the data on the dark web.
Haley Montgomery, communication director for SOCSD, acknowledged in a Thursday email to The Dispatch that the breach was a “malware encryption event.” It has left students, faculty and staff without internet access on district campuses since the spring semester began Monday.
Montgomery could not comment Thursday on when the issue would be resolved.
“We are diligently investigating the situation, while also working to safely restore our network systems and internet access as quickly as possible,” she wrote in the email. “The district has not paid any ransom and has no intention of paying a ransom.”
In a message sent to parents Monday, Montgomery said the discovery of “suspicious activity” on the computer network prompted the district to shut down network resources, including internet access, ahead of teachers and students returning this week. The district is working with third-party specialists to investigate the source of the disruption and its impact, she said.
The district has not confirmed whether student and employee data was accessed in the breach.
A costly problem
Ransomware attacks on K-12 school districts have been on the rise in the last decade. A 2024 threat assessment report by the Department of Homeland Security said school districts have been a “near constant ransomware target” due to budget constraints in information technology departments and lack of cybersecurity resources.
School districts are also likely to pay the ransom, the report said, making them an even easier target.
A 2024 study by United Kingdom-based cybersecurity firm Sophos found more than half of “lower education” systems worldwide pay to recover hijacked data when victimized by ransomware. The ransom payments averaged $7.5 million.
While states like Florida and North Carolina have laws prohibiting state and local government agencies from paying these ransoms, Mississippi law does not specifically speak to the issue, State Auditor’s Office spokesperson Jacob Walters told The Dispatch. Walters said some districts purchase cybercrime insurance to cover things like ransomware attacks.
Should you pay the ransom?
Wesley McGrew, senior cybersecurity fellow for MartinFederal Consulting in Memphis, Tennessee, said many ransomware groups maintain websites on the dark web, which is an invisible side of the internet often used for anonymous browsing and criminal activity.
On the websites, groups list victims, whether the victims have paid and any data they’ve already released. The sensitivity of that data can vary, said McGrew, who also once served as director of cyber operations for Horne Cyber and as a cybersecurity instructor at Mississippi State University.
“With a school, it may be anything from just a set of files to perhaps a student database, which would be on the bad end,” he said. “Student names, Social Security numbers and addresses of their parents – that would be the worst-case scenario for a school.”
As more ransomware groups utilize extortion, more organizations are paying the ransom to prevent losing data, McGrew said. Often the ransom is very small in comparison to paying for incident responders, investigations and legal consultations, he said.
“You don’t see organizations being investigated or penalized or criminally held liable for (paying), but you’re not going to see law enforcement advise that you pay a ransom,” McGrew said. “But (victims) may, as a practical matter, need to (pay the ransom) in order to protect your intellectual property and to reduce the impact of your status with customers, or in this case, your students, parents and community.”
Whether the data is returned once a ransom is paid depends on the group, McGrew said. It’s good business for the ransomware groups to stick to their commitment, and he said many do.
What to do if your info gets on the dark web
But if a ransom isn’t paid or the group doesn’t adhere to its own terms, the data could be lost or released on the dark web.
“You need to have an investigation to try to figure out how they got in and try to keep that from happening again, but you can’t put the genie back in the bottle with the loss of the data,” McGrew said. “All you can do is try to limit the impact of that.”
If you’re concerned your data was leaked on the dark web, it’s good to keep an eye on credit reports and bank accounts, McGrew said.
But without further information from the school district about what was compromised, it’s hard for a potentially affected person to determine exactly how to respond, he said.
“Once the deadline is up or somebody has refused to pay, and the bad actor posts the data that they stole, there are various sites on the internet that will catalog that and help you try to figure out whether you’ve been impacted,” he said. “Really the folks impacted by this, their first indication and best indication of what’s involved is just going to come from the school district notifying them.”
McRae is a general assignment and education reporter for The Dispatch.







