AHISD refuses to reveal if it paid cyberattack ransom | #ransomware | #cybercrime

Alamo Heights Independent School District officials refused to say whether they paid a ransom following a March cyberattack that left the district without internet for nearly a full week.

Citing an ongoing investigation into the incident, spokesperson Julie Ann Matonis said the district could not provide any additional information on the matter.

“We appreciate the understandable interest our community has in relation to this matter, but cannot provide further detail at this time as we have an active and ongoing investigation,” Matonis said in a statement. 

After noticing connectivity problems on March 23, AHISD officials announced to district families on March 27 they had resolved the issue and restored district technology systems with the help of external forensic investigators. This meant the external threat no longer had access to the district’s network, Matonis said. The district had been successfully walled off from the external intrusion.

“Due to the complexity of these incidents, investigations are labor-intensive and typically take several weeks to complete following restoration,” she wrote over email. “We are diligently working to identify the full scope of the information involved.”

As the district worked to solve the connectivity problem, it reported the attack to the Federal Bureau of Investigation. Paying a ransom does not guarantee an organization will recover data, according to the FBI’s website. The agency does not support paying a ransom in response to an attack. 

Former FBI special agent William Odom, who started his career with the federal bureau in New York before transferring to Houston, explained the agency’s recommendation.

Paying a ransom does not guarantee an organization will recover its data following a ransomware attack, he said. Hackers have provided incorrect keys to recover data or asked for more money after victims pay the original ransom. 

“You’re not dealing with a legitimate business or somebody that you can get reliable information from,” Odom said. “You’re taking a risk.”

The co-founder of a technology consulting firm, Orbital Data Consulting, Odom now helps clients respond to incidents like the one in Alamo Heights ISD and protect themselves against cyberattacks. He said it is ultimately up to each victim how they wish to respond to an online attack, given the individual circumstances and how much data hackers compromised. 

“It really does become a cost-benefit analysis, and certainly for school districts that have a limited budget, that’s part of the issue,” he said.

Backing up data and building a cybersecurity plan before an attack occurs gives school districts more strategies to mitigate harm. This could include assessing vulnerabilities in digital networks, auditing which stakeholders should have permissions to technology systems and ensuring proper training for staff members.

“Particularly in this case where it’s a ransomware attack, the way that the bad actors find their way in is not as high-tech as most people think,” he said. 

A staff member could have clicked a link in an email that they thought was “legit,” and not seen anything happen in the moment, Odom said. 

“A lot of the ransomware that we’ve seen recently has gotten a bit more complex,” he said.

While the number of ransomware attacks across other industries has decreased, they have remained a real and continued threat to school systems, which serve a critical function. They also may not have the levels of security as many other organizations of the same size, like for-profit corporations, Odom explained. This makes school districts vulnerable targets. 

Cyberattacks targeting school districts have ramped up since the COVID-19 pandemic.

In 2021, Judson ISD paid hackers over $500,000 to protect sensitive personal information after a month-long attack that compromised personal data and shut down the district’s phones, computers and email systems. 

Judson ISD Assistant Superintendent of Technology Lacey Gosch spoke to Texas lawmakers in 2023 about the incident, asking for extra state support. 

“The topic of ransomware is rarely shared among organizations and is viewed as a scarlet letter or badge of dishonor to technology and security teams,” she said in the statement. “I am here to testify that this issue must be discussed openly and provide support to adequately protect, prevent, and mitigate cybersecurity breaches.”

Earlier this school year, the Uvalde Consolidated Independent School District canceled classes for part of a week in September 2025 due to an attack.

In September 2019, lawmakers passed Senate Bill 820, mandating districts adopt cybersecurity policies, designate a cybersecurity coordinator and report breaches to the Texas Education Agency. 

To support districts as these attacks increase, the TEA launched a K-12 Cybersecurity Initiative in 2023 to help districts increase their preventative measures. The initiative strongly encouraged school systems to implement digital controls, including Multi-Factor Authentication, protections against email phishing and ransomware-detection systems on district servers and devices. 

Texas legislators approved an additional $42 million in funding to extend the initiative through August 2027.

Public school systems have been the target of these attacks across the country.

Hackers targeted the Minnesota Department of Education in 2023, and New York City Public Schools has experienced a cybersecurity incident almost every year since 2022, according to the district website.

“Be aware. We tell that to everybody every day,” Odom concluded.