Uvalde Consolidated Independent School District will reopen on Monday, September 22, after a ransomware attack forced a week-long shutdown across all campuses. The attack disrupted key internal systems, including phone lines, thermostats, and security infrastructure.

The district said it discovered ransomware on its servers over the weekend of September 14 and immediately canceled classes for the following week. In a Facebook post, UCISD noted that no data breach had been confirmed and that some systems — like the district website and student records — remained unaffected since they were “hosted off-site.”

“The ransomware detected by the district is affecting several essential online systems, including phones, thermostats, camera monitoring and visitor management systems,” the district said in its public update.

Officials confirmed that the FBI is involved in the ongoing investigation. The agency described ransomware as “one of the fastest-growing threats the agency investigates.” Supervisory Special Agent Justin Akers, who leads the FBI’s cyber squad in San Antonio, said, “It is a very significant threat and it’s a priority for the FBI.”

Although classes were initially expected to resume by Friday, the district announced a new restart date of Monday, September 22, citing continued restoration efforts. “We plan to resume classes on Monday, September 22nd. However, we urge Uvalde CISD staff, parents, and caregivers to regularly check their email and visit the Uvalde CISD social media channels and website for updates,” the district posted.

Athletics were also affected. The junior high football games against Crystal City were canceled due to “concerning social media posts,” while high school games were still scheduled to continue.

UCISD has not disclosed the specific ransomware strain or whether any ransom demand was made. So far, the investigation has not revealed any evidence of stolen data. School officials continue to coordinate with federal and state agencies to restore impacted services and determine the full scope of the breach.