
Arkansas School District Targeted by Rhysida Ransomware Gang Demanding $420K

According to an analysis from Comparitech, a ransomware gang known for high-stakes extortion and data leaks has claimed responsibility for a December 2024 cyberattack on Forrest City School District in Arkansas. The group is now demanding a ransom of five bitcoin, roughly $420,000, to prevent the public release of sensitive stolen data.


The criminal group, Rhysida, posted the claim over the weekend, alleging it exfiltrated a trove of documents from the district’s network. On its dark web site, the group included samples purported to be internal emails, student records, and financial files as proof. The school district has not confirmed the validity of these claims, and details remain scarce about how the attackers breached the network.


The cyberattack, which occurred around December 12, initially forced Forrest City schools to suspend internet access across the district. At the time, administrators acknowledged the disruption but provided few details about its cause. Rhysida’s public claim is the first clear indication of ransomware involvement.


Forrest City School District, which serves roughly 2,300 students across seven schools in eastern Arkansas, has not publicly responded to the ransom demand. Rhysida has threatened to auction the data within seven days if the district refuses to pay.


Rhysida’s Ransomware Playbook


Rhysida is a relatively new but rapidly growing ransomware operation that surfaced in mid-2023. Unlike older ransomware models that focused solely on data encryption, Rhysida specializes in dual-threat attacks: stealing data and encrypting systems, then leveraging both for ransom.


In less than two years, the gang has claimed dozens of high-profile victims across healthcare, education, and private industry. Their tactics are consistent: infiltrate a network, quietly extract sensitive data, then lock down operations before issuing a public ultimatum. Victims are given a short window to pay before their data is published or sold.


Forrest City is not the group’s first strike on the education sector. In December alone, Rhysida claimed attacks on a Canadian school division and a university in Oklahoma. Its move against a small Arkansas district suggests no target is too small or too rural.


A Growing Threat to Education


K–12 schools have become an increasingly popular target for ransomware actors. Despite handling troves of sensitive data—from student records to payroll and financial systems—many districts operate with outdated infrastructure and lean cybersecurity resources. These gaps are especially glaring when compared to the evolving sophistication of threat actors.


Ransomware in education doesn’t just mean files held hostage—it often halts grading systems, attendance tracking, staff communication, and even basic administrative functions. In some cases, phone systems, cafeterias, and buses have been affected. And with personal data exposed, students and employees alike are left vulnerable to identity theft and financial fraud.


The education sector saw a dip in reported ransomware incidents last year, but experts caution that underreporting, silent payments, and better data exfiltration tactics may mask the true scale of the problem. If Rhysida’s trend of attacking schools continues, the Forrest City incident may be just the beginning of another aggressive campaign.


What Comes Next?


The clock is now ticking for Forrest City School District. If the district chooses not to pay, Rhysida may follow through on its threat to publish or sell the data. If it does pay, it enters ethically and legally fraught territory—and there’s no guarantee the attackers will honor the deal.


The district’s next steps could shape how other small school systems across the country prepare for and respond to future ransomware threats. For now, Forrest City joins a growing list of educational institutions learning the hard way what a data breach really costs.


Whether that cost ends at $420,000—or grows far beyond it—remains to be seen.
