FinalSite, a leading school website service provider, suffered a ransomware attack disrupting access to the websites of thousands of schools around the world.
FinalSite is a Software as a Service (SaaS) provider that provides website design, hosting and content management solutions for K-12 school districts and universities. FinalSite claims to provide solutions to more than 8,000 schools and universities in 115 different countries.
On Tuesday, school districts that hosted their websites with FinalSite found that they were no longer accessible or were showing errors.
At the time, FinalSite did not disclose that it had suffered an attack, but simply said it was experiencing errors and “performance issues” in various services, primarily affecting its Composer content management system.
“This impact may include, but is not limited to, Group Manager, Constituent Manager, Login, Forms Manager (old), Record Manager, Directory Items, Athletics Manager , the calendar manager, “we read on FinalSite’s status page.
A school IT administrator told BleepingComputer that FinalSite had not given him a deadline on when services would be restored and was forced to send emails to parents alerting them of the outage.
“Our website is currently down due to a problem with our service provider. We apologize for any inconvenience this may cause you,” read an example of an outage email shared with BleepingComputer.
In addition to the website outages, a system administrator shared on Reddit that the attack prevented schools from sending closure notifications due to weather or COVID-19.
“Many districts are complaining that they cannot use their emergency notification system to notify their communities of closures due to weather conditions or the COVID-19 protocol,” the report said. Reddit post.
Outages caused by a ransomware attack
After three days of disruption, FinalSite today confirmed that a ransomware attack on its network was the cause of the outages.
“We are incredibly sorry for this prolonged outage and fully realize the stress it is causing your organizations. While we have made progress overnight to get all websites up and running, the full restore took us longer. than expected, ”FinalSite apologized in a status update. today.
“The Finalsite security team monitors our network systems 24 hours a day, seven days a week. On Tuesday, January 4, our team identified the presence of ransomware on some systems in our environment.
“We took immediate action to secure our systems and contain activity. We quickly launched an investigation into the event with the help of third-party forensic specialists and began to proactively take some systems offline. “
However, in a template created by FinalSite that schools can send to parents, there is no mention of the ransomware attack, and just that FinalSite is experiencing a “disruption to some computer systems on its network.”
It is not known which ransomware gang carried out the attack on FinalSite and if any data was stolen as part of the attack.
As most ransomware operations targeting businesses steal data before encrypting it, we’ll likely learn that the data has been accessed in a future update.
BleepingComputer contacted FinalSite with further questions about the attack but did not receive a response.
If you have first-hand information about this or other cyberattacks, you can contact us confidentially on Signal at +16469613731, Wire at @ lawrenceabrams-bc, or Jabber at [email protected].
Education is a popular target
School districts and universities have become a popular target for ransomware operations over the years.
This is especially true for K-12 school districts with very limited funding and therefore tend to have smaller support teams and less security infrastructure to detect impending attacks.
“While school districts may not have enough money, the point is that many have cyber insurance and can therefore afford to pay claims – and that puts them in the crosshairs,” he said. Emsisoft Threat Analyst Brett Callow told BleepingComputer.
“Last year 87 incidents disrupted learning in up to 1,043 individual schools. In 2020, 84 incidents disrupted learning in 1,681 schools. The fact that the average size of the affected districts has decreased could indicate a correlation between the size of the budget and (in) level of security. “
“The larger the neighborhood, the greater the security budget and the better the security in place.”
- No school data stolen in ransomware attack behind site outages
- Best website builder of 2021: In-depth reviews of 50+ services
- Zoom security issues: Everything that’s gone wrong (so far)
- Expeditors shuts down global operations after likely ransomware attack
- Sports brand Mizuno hit with ransomware attack delaying orders