lockbit2 attacks Sapulpa High School

Incident Date:

February 6, 2022

World map



lockbit2 attacks Sapulpa High School


Sapulpa High School




Sapulpa, USA

Oklahoma, USA

First Reported

February 6, 2022

Ransomware Attack on Sapulpa High School

Victim Profile

Sapulpa High School, a key institution within Sapulpa Public Schools in Oklahoma, has recently fallen victim to a ransomware attack by the group Lockbit2. This educational establishment is known for its commitment to fostering academic excellence within a nurturing environment. The school's official platform offers extensive resources, including details on academic programs, cafeteria services, necessary school supplies, state report cards, emergency protocols, and academic calendars.

Company Size and Industry Standing

As a public educational entity, Sapulpa Public Schools serves the broader Sapulpa community, emphasizing the importance of safety and security. This commitment is evident through the district's proactive measures in addressing concerns related to bullying, harassment, intimidation, threats, weapons, drugs, and other safety or security issues through its website.

Vulnerabilities and Targeting

The increasing trend of ransomware attacks targeting educational institutions is alarming, with approximately 5,000 schools impacted by an attack on the software provider Finalsite in 2022 alone. Sapulpa High School's recent experience underscores the ongoing vulnerability of K-12 schools in the United States, which have seen over a thousand schools affected annually over the past three years. Factors such as outdated software, a lack of comprehensive cybersecurity training, and inadequate cybersecurity budgets contribute to the susceptibility of schools to such cyber threats.

Investigation and Response

The ransomware attack on Sapulpa High School is currently under thorough investigation, with federal authorities lending their expertise. Details regarding the specifics of the attack and the full extent of the damage remain undisclosed at this time.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.