Ransomware gang Medusa yesterday took credit for a June 2025 cyber attack on Franklin Pierce Schools in Tacoma, Washington.
The school district canceled classes on June 10, 2025 in response to a server, network, internet, and phone outage caused by a possible system compromise.
Medusa says it stole 821 GB of data from Franklin Pierce Schools and gave the district 10 days to pay a $400,000 ransom.
Franklin Pierce Schools has not verified Medusa’s claim. We do not know if the district did or will pay a ransom, what information might be compromised, or how attackers breached the district’s network. Comparitech contacted Franklin Pierce Schools for comment and will update this article if it replies.
“We are currently part of a forensic investigation to determine if any of our systems have been compromised,” the district said in an emergency update on its website. “We are working diligently with third-party IT specialists to investigate the source of this disruption, confirm its impact on our systems, and restore full functionality to our systems as soon as possible.”
Who is Medusa?
Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to unlock their systems and for not selling or publishing stolen data.
Medusa has taken credit for 135 confirmed ransomware attacks to date, compromising about 3.2 million records. Its average ransom demand is $651,000.
26 of those attacks hit US schools and colleges, including:
- Laurens County School District 56 in South Carolina reported a February 2025 ransomware attack for which Medusa demanded $320,000 in ransom
- Fall River Public Schools in Massachusetts reported an April 2025 data breach in which Medusa demanded $400,000
- Albion College in Michigan notified 6,390 people of a December 2024 data breach in which Medusa demanded $100,000
Medusa made 108 attack claims in 2025 to date, 20 of which were acknowledged by the targeted organizations.
Ransomware attacks on US education
Comparitech researchers have logged 23 confirmed ransomware attacks on US schools, colleges, and other educational institutions in 2025 to date. By comparison, we recorded 83 attacks in all of 2024 and 124 in 2023.
Other recent such attacks include:
- Edwardsburg Public Schools reported a September 2024 attack led to school closures. Chort took credit.
- Indian Springs School District 109 notified 11,542 people of an October 2024 data breach claimed by RansomHub
- Webb Institute in New York notified 1,520 people of a September 2024 data breach claimed by Inc
Ransomware attacks on schools and colleges can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, assignments, and more. Ransomware attacks are often two-pronged: they lock down systems and steal data. Schools that refuse to pay a ransom face extended downtime, data loss, and putting students and faculty at increased risk of fraud.
About Franklin Pierce Schools
Franklin Pierce Schools consists of three high schools, two middle schools, eight elementary schools, and one pre-school in the Tacoma, WA area. It enrolls about 7,300 students, according to external sources.
