Ridgefield Public Schools (RPS) was hit by a ransomware attack on July 24, 2025, executed by the SafePay ransomware gang. The attack involved the encryption of the school district's computer network and the theft of 90 GB of data. The attackers set a ransom deadline of just over two days, threatening to release the stolen data if their demands were not met. The school district took its network offline to investigate and is currently working on system restoration. While the exact ransom amount and payment status remain undisclosed, the fact that SafePay published RPS on its leak site suggests negotiations failed. The attack has caused significant disruption, with ongoing investigations into potential data breaches and efforts to restore access to critical systems like email for teachers. The incident highlights the growing threat of ransomware in the education sector, where sensitive personal and financial data of students, staff, and faculty are at risk.
TPRM report: https://www.rankiteo.com/company/ridgefield-school-district
"id": "rid400080725",
"linkid": "ridgefield-school-district",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Education',
'location': 'Ridgefield, Connecticut, USA',
'name': 'Ridgefield Public Schools',
'size': '4,500 students',
'type': 'School District'}],
'customer_advisories': 'Public statements on website',
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': '90 GB',
'personally_identifiable_information': 'Potentially',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Potentially sensitive personal '
'information'},
'date_detected': '2025-07-24',
'date_publicly_disclosed': '2025-07-25',
'description': 'Ridgefield Public Schools was hit by a ransomware attack on '
'July 24, 2025. The SafePay ransomware gang claimed '
'responsibility and threatened to release 90 GB of stolen data '
'if the ransom was not paid. The school district took its '
'network offline to investigate and is currently restoring '
'systems.',
'impact': {'brand_reputation_impact': 'Potential damage due to data breach',
'data_compromised': 'Potentially sensitive personal information',
'downtime': 'Ongoing restoration',
'identity_theft_risk': 'High, if personal data was stolen',
'operational_impact': 'Disruption to email access and other '
'systems',
'systems_affected': 'Computer network'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain through ransom payment and data extortion',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_demanded': 'Unknown amount',
'ransom_paid': 'Unknown',
'ransomware_strain': 'LockBit-based'},
'references': [{'source': 'Cybersecurity news article'}],
'response': {'communication_strategy': 'Public statements and advisories on '
'safeguarding data',
'containment_measures': 'Network taken offline',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Restoring email access',
'remediation_measures': 'System restoration ongoing'},
'stakeholder_advisories': 'Advice on safeguarding data provided',
'threat_actor': 'SafePay',
'title': 'Ransomware Attack on Ridgefield Public Schools',
'type': 'Ransomware Attack'}