Botetourt County Public Schools experienced a ransomware attack by the Qilin gang on May 13, 2025. The attack disrupted the district’s IT systems, and Qilin claimed to have stolen 315 GB of data, including contracts, payroll documents, details of district employees' direct deposit accounts, and private correspondence. The ransomware gang demanded an undisclosed amount in ransom by June 12, 2025, threatening to release the stolen data if the ransom is not paid. The school district has not verified the claim, and the extent of the data breach and the ransom amount remain unknown.
TPRM report: https://scoringcyber.rankiteo.com/company/botetourt-county-public-schools
"id": "bot725053025",
"linkid": "botetourt-county-public-schools",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Education',
'location': 'Finacastle, Virginia',
'name': 'Botetourt County Public Schools',
'size': 'More than 4,000 students',
'type': 'Educational institution'}],
'attack_vector': ['Phishing emails'],
'data_breach': {'type_of_data_compromised': ['Contracts',
'Payroll documents',
"Details of district employee's "
'direct deposit accounts',
'Private correspondence']},
'date_detected': 'May 13, 2025',
'description': 'Ransomware gang Qilin claimed responsibility for a cyber '
'attack on Botetourt County Public Schools, demanding a ransom '
'by June 12, 2025.',
'impact': {'data_compromised': ['Contracts',
'Payroll documents',
"Details of district employee's direct "
'deposit accounts',
'Private correspondence'],
'systems_affected': 'Some of the district’s IT systems'},
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': '315 GB',
'ransom_demanded': 'Undisclosed amount',
'ransomware_strain': 'Qilin'},
'references': [{'source': 'Comparitech'}],
'threat_actor': 'Qilin',
'title': 'Ransomware Attack on Botetourt County Public Schools',
'type': 'Ransomware'}