Memphis-Shelby County Schools Blocks Zero-Day Ransomware Before a Single File Was Encrypted
Memphis-Shelby County Schools
Challenge
Challenge MDR and EDR failed to stop a zero-day ransomware variant targeting 2,500 IT endpoints across a large Tennessee school district.
Solution
RansomSnare sensors deployed on critical servers, unsupported OS, and admin environments as a reinforcing layer after a ZeroDay Simulation Test revealed coverage gaps.
Result
Result Zero-day ransomware blocked before a single file was encrypted. No data loss, no downtime, and legacy systems protected for the first time.
At a Glance
Industry
SLED / K-12 Education
Location
Memphis, Tennessee
Environment
2,500 IT endpoints
Existing Stack
MDR + EDR (existing vendor)
Deployment
Critical servers, legacy OS, admin environment
Product Used
RansomSnare by SecuritySnares
Time to Deploy
2 Weeks
District Size
225 schools, 146,000+ students
Zero-Day Strains Tested
6 strains tested/missed by EDR
Background
Memphis-Shelby County Schools (MSCS) is the largest public school district in Tennessee, serving the city of Memphis and Shelby County. Formed in 2013 by the merger of Memphis City Schools and Shelby County Schools, MSCS operates 225 schools and serves over 146,000 students across 2,500 IT endpoints. Like most districts, it relied on MDR and EDR to protect its environment. When a zero-day ransomware variant hit, neither caught it.
The Challenge
The attack used an unknown variant with no existing signature, slipping through both the MDR and EDR undetected. Three factors made the exposure especially acute:
· Learning continuity: System downtime directly impacts students and staff across 225 schools.
· Legacy OS coverage: Parts of the environment ran on unsupported operating systems most EDR vendors leave unprotected.
· Limited IT resources: The district needed a solution requiring no ongoing maintenance or specialized staff.
The Solution
SecuritySnares first ran their ZeroDay Ransomware Simulation Test to document exactly where coverage ended. Results confirmed gaps around novel variants and legacy OS environments, giving the security team evidence to act on.
RansomSnare sensors were then deployed across the highest-risk surfaces: critical servers, unsupported OS, and the administrative user environment. The existing MDR and EDR stack stayed in place. RansomSnare was added as a reinforcing layer to catch what signature-based tools miss, with no internet connectivity, no updates, and less than 50 MB of RAM and 1% CPU per device.
Results
· Zero-day ransomware blocked: RansomSnare stopped unknown variants the existing EDR missed, before a single file was encrypted.
· No data loss: No student records, financial data, or operational systems were compromised.
· No downtime: Attacks stopped without isolating devices; staff and students experienced no disruption.
· Legacy systems covered: Endpoints on unsupported OS, previously unprotected, were secured for the first time.
· Endpoints deployed: 2,500
· Time to deploy: 2 Weeks
“SecuritySnares’ preventative approach has been a game changer for us. Having the ability to stop a ransomware attack before it can execute is unlike anything we’ve seen before.”
- Richard Berroa, Executive Director II of IT Operations, Memphis-Shelby County Schools
Why SecuritySnares?
· No disruption to operations: Stops attacks without isolating devices, so systems stay online.
· Variant-agnostic: Detects ransomware behavior, not known signatures, catching new and unknown zero-day variants by design.
· Lightweight, zero-maintenance: No internet required. No updates. Under 50 MB RAM and 1% CPU per device.
· Legacy OS support: Full Windows support back to XP/2008 R2, covering infrastructure most EDR vendors leave unprotected.
About SecuritySnares
SecuritySnares develops RansomSnare, a microsensor that reinforces existing endpoint protection to stop zero-day ransomware before it encrypts a single file. RansomSnare works alongside any EDR or XDR, requires no internet connectivity, and supports legacy and modern operating systems across public sector, education, healthcare, and critical infrastructure.
See how RansomSnare stops ransomware before damage occurs.
Request a Live Demo