A recent cyberattack on the Coweta County School System in Georgia has raised alarms for educational institutions in New Mexico, highlighting a broader trend of ransomware groups targeting schools and universities. The attack, detected on May 3, 2025, forced the shutdown of critical systems affecting 23,000 students across 29 schools1. This incident follows a series of similar breaches in New Mexico, including attacks on Western New Mexico University (WNMU) and Aztec Municipal School District, attributed to Russian-linked Qilin and Interlock ransomware groups2.
Recent Attacks and Tactics
The Coweta County intrusion occurred late on a Friday night, a common tactic to exploit reduced IT staffing during weekends. The school’s IT team, alongside external cybersecurity partners, isolated systems to contain the breach1. Similar timing was observed in the April 13 attack on WNMU, where the Qilin group disrupted website and payroll systems, impacting over 3,000 students3. These incidents reflect a pattern of targeting educational institutions during critical periods, such as exam seasons, to maximize pressure for ransom payments.
Statewide Vulnerabilities and Responses
New Mexico’s educational sector has faced repeated assaults in 2025. In February, the Interlock gang claimed responsibility for an attack on Aztec Municipal School District, while New Mexico Highlands University (NMHU) suffered a ransomware incident on April 3—marking its second breach since 20194. Governor Michelle Lujan Grisham responded with an executive order mandating cybersecurity upgrades for state agencies, though gaps remain in K-12 defenses5.
Broader Implications for Security Teams
The attacks underscore systemic weaknesses in school networks, often lacking robust segmentation or endpoint detection. For instance, the BlackSuit ransomware variant used against East Central University in Oklahoma exfiltrated student SSNs due to unpatched vulnerabilities6. Key recommendations include:
- Implementing network segmentation to limit lateral movement
- Deploying behavior-based monitoring for after-hours activity
- Conducting ransomware response drills with IT and administrative staff
These incidents highlight the need for coordinated threat intelligence sharing between educational institutions and state agencies. The New Mexico Governor’s Office has partnered with Emsisoft to analyze attack patterns, revealing that over 70 U.S. schools were hit by ransomware in 2025 alone7.
Conclusion
The surge in attacks against New Mexico’s schools reflects a national crisis in educational cybersecurity. While state mandates and federal grants are steps forward, proactive measures like zero-trust architectures and mandatory staff training are critical to mitigating future breaches. The Coweta County case serves as a warning: without urgent action, schools remain prime targets for financially motivated and state-sponsored threat actors alike.
References
- “Hackers hit schools in Georgia, New Mexico,” The Record, May 2025.
- “WNMU cyberattack linked to Russian hackers,” Searchlight NM, April 2025.
- “Cyberattack disrupts WNMU systems,” Silver City Daily Press, April 2025.
- “Aztec schools attack claimed by Interlock gang,” Comparitech, February 2025.
- “NM Governor’s cybersecurity executive order,” April 2024.
- “Ransomware hits NMHU and East Central University,” The Record, April 2025.
- Emsisoft ransomware tracking data, 2025.
