Ransomware in Arkansas: 8 Shocking Attacks on Local Organizations

Another day, another headline. Ransomware attacks are becoming way too close for comfort. 

And by close I mean...close to home.

Ransomware is a particularly vicious (and common) type of cyberattack that essentially holds a company's mission-critical data, files, systems, etc. hostage (i.e., denies access to them) until the company agrees to pay a particular amount of money. And because your data is your business, and because it's hard to be productive when locked out of your systems, some companies have little recourse but to pay the ransom. 

Of course, attackers have more tricks up their sleeves. In addition to holding your business systems/data hostage, cybercriminals can also, in a practice known as double extortion, expose or threaten to expose files containing confidential information (read: sensitive client data) to the dark web and/or the highest bidder.

That's the double-edged sword of ransomeware: business stops and data leaks. 

You can see why many businesses decide to pony up on the ransom.

There's just too much at stake.

In 2024 alone, 1.35 million U.S. businesses were targeted for a ransomware attack. That's about 3,700 attacks every single day! Far more than any other country. 

No wonder the United States has been called "the ransomware capital of the world." 

And ransomware attacks on U.S. businesses are on the rise: up 146% between 2024 to 2025.

What about that ransom, though? How much do cybercriminals demand from their victims?

According to IBM, the median ransom rose from $199K in 2023 to — gulp —  $1.5 million in June 2024.

But not small businesses, right? And not in Arkansas, right? 

Unfortunately, small businesses may be even more prone to ransomware attack. Why? Because they're under-resourced — with less budget, personnel, etc. — and usually have more system vulnerabilities. In fact, according to MasterCard, 43% of all cyberattacks in 2023 targeted small businesses, specifically.

And Natural State companies aren't immune either. Ransomware often strikes right next door.

Below, we share details on eight ransomware attacks that hit Arkansas-based organizations.

Each case offers a warning to us: that ransomware attacks are unfortunately very common...

...and that they're very close to us right here in Arkansas. 

There's More to Ransomware Than Meets the Headlines

First, some important context: Ransomware attacks on schools/colleges, governments, and healthcare facilities garner most of the headlines  — and, indeed, we discuss attacks on a few such organizations below.

However, it would be incorrect to assume that schools/college, governments, and healthcare facilities are the most common victims of ransomware attacks. Manufacturing and technology, actually, are the top two industrial sectors picked on by ransomware criminals. And, as seen, small businesses, too, are often targeted by hackers.

So why the seeming imbalance in the news? Why do we hear so much about cyberattacks on schools/colleges, government, and healthcare — but not as much about attacks on, say, manufacturing and small businesses?

Simple. Many private businesses aren't required to disclose — by law or necessity — attacks by cybercriminals. And so many simply don't report cyberattacks on their business. It's easy to understand why. 

But know this: There are many more ransomware attacks out there than we read or hear in the news.

Many more. As seen already, about 3,700 a day in the U.S. alone.

Across all industrial sectors; targeting businesses of all sizes.

8 Notable Ransomware Attacks on Arkansas Organizations

Rogers-Based Apprentice Information Systems (and many county governments by extension)

Dozens of county offices across the state went offline in 2022 when Apprentice Information Systems of Rogers was targeted for a ransomware attack. The attack focused directly on AIS assets providing server capacity and software solutions to multiple county-level offices.

The disruption was felt hard by some AIS clients. 

“We’re doing it like the old days right now," said Judge Ben Cross of Pope County, one of the impacted counties. "Our local systems are intact, but what it has done is make us resort to doing things like physically issuing checks.”

Judge Cross went on to say the cyberattack appeared to originate out of Russia.

The Little Rock School District

On December 5, 2022, the 21,200-student Little Rock School District fell victim to a ransomware attack resulting in a $250,000 payment to hackers. The LRSD school board voted 6-3 in favor of paying the attackers – and the ordeal caused quite a stir in the community.

“This is a horrible, horrible, horrible situation, and there aren’t any good options,” said LRSD Superintendent Jermall Wright about the ransomware attack during one board meeting. 

Altogether, the cyberattack may have cost the district upwards of $700K.

Northwest Arkansas Community College (NWACC)

It probably felt like something out of a movie — one with a lot of suspense. In July 2024, printers on the NWACC campus started printing out ransom demands from cybercriminals. Printouts also contained an ominous threat: If the ransom was not paid, attackers said they'd post confidential, personal information stolen from NWACC's network to the darknet.

NWACC intentionally shut down its network and alerted the FBI.

Because the attack happened just before the start of the semester, a tactic used by hackers to put additional pressure on schools to cough up on ransoms, NWACC was forced to push back its start date. No ransom was paid ultimately, but NWACC later reported that cybercriminals "may have copied files containing some personal information." 

Bella Vista City Government

Governments, too, are frequently targeted for ransomware attacks. Consider Bella Vista, Arkansas.

As we previously described, attackers attempted to infiltrate Bella Vista's network in August 2024 — forcing city offices to close for several days before reopening. Fortunately, the city was able to contain much of the damage.

“We have determined all infected devices and are at 100% containment,” said Bella Vista IT Director John Moeckel. “We have not paid any ransom and restorations are proceeding forward.”

The incident was, however, expected to cost Bella Vista more than $132,000, with cyber insurance covering at least part of the expense.

Ransomware attacks on local city governments don't always end without a ransom payment. In 2021, the nearby city of Joplin, Missouri was forced to pay cybercriminals $320,000 following a cyberattack.

Oral Facial & Surgery Clinic of Fayetteville

A ransomware attack on a Fayetteville, Arkansas medical clinic exposed the records of roughly 128,000 patients to a possible security breach. Patient names, addresses, and social security numbers were all potentially compromised during the attack, and attackers even gained access to patient x-rays and other business-critical files.

"The cyberattack is still under investigation," reported Healthcare IT News, "but Arkansas Oral Facial Surgery Center officials said they believe the attack was purely meant for extortion purposes."

Ransomware attackers are usually more interested in the money than the data. The data, which they may threaten to unleash on the dark web, is generally leveraged to negotiate a higher price and force payment.   

The Heritage Company of Sherwood, Arkansas

The Heritage Company was forced to layoff 300 employees during the 2019 Christmas season because of a ransomware attack and the resulting loss of hundreds of thousands of dollars.

CEO Sandra Franecke wrote a letter to stunned employees:

"...approximately two months ago our Heritage servers were attacked by malicious software that basically 'held us hostage for ransom' and we were forced to pay the crooks to get the 'key' just to get our systems back up and running. Since then, IT has been doing everything they can to bring all our systems back up, but they still have quite a long way to go. Also, since then, I have been doing my utmost best to keep our doors open, even going as far as paying your wages from my own money to keep us going until we could recoup what we lost due to the cyber attack."

Highlands Oncology Group

In January of 2025, hackers infiltrated the network of Highlands Oncology Group in Northwest Arkansas — where they remained undetected until June 2025. Ransomware was then used to encrypt files and demand a ransom.

Highlands Oncology Group reported that personally identifiable information may have been accessed. 

Medusa, a prolific ransomware group, took credit — if we can call it that — for the attack. 

"Highlands Oncology Group was added to the Medusa data leak site temporarily, and a $700,000 ransom was demanded," wrote Steve Alder of The HIPPA Journal.

"There is currently no listing on the data leak site, which suggests the ransom was paid" (emphasis added). 

Central Baptist College of Conway, Arkansas

In January of 2022, Central Baptist College (CBC) of Conway underwent an audacious ransomware incident. The attack resulted in a complete takeover of the college's 230 desktop computers, prompting an initial $3 million ransom demand. "Not only did my computer shut down," recalled CBC president Terry Kimbrow, "but I quickly learned that all 230 desktop computers on campus had rebooted and this message was on the screens: 'You now have a new Admin'."

An ominous message.  

No ransom was paid, and CBC was able to restore its systems. However, that attackers kept CBC hostage for roughly five weeks. The college was forced to shut down its servers during the multi-week attack, blocking the college from serving students, staff, and faculty with crucial systems like Wi-Fi, admissions, financial aid, and security cameras.

Taken together, what's the moral of the story, that is, stories?

• Ransomware attacks happen every day. More with each passing year.
• They happen to small to medium-sized businesses.
• And, yes, they happen here in Arkansas.

But what to do about it?

Fight Back Against Cyberattacks, Arkansas

A ransomware attack isn't only expensive in terms of the IT response and perhaps even an expensive ransom payment, but such cyberattacks can bring business to an abrupt standstill. Possibly for weeks. The security breaches can also expose sensitive customer data to malicious actors, which could create legal woes and a public relations disaster. 

All very bad news. But there is good news...

You can fight back!

If you have questions about the security or vulnerability of your systems, TekTrendz offers a free consultation – no strings attached – to businesses of Northwest Arkansas and the surrounding region. 

You're not in the fight alone. We're here to help.