Finalsite Ransomware Attack Forces 5,000 School Websites Offline

Finalsite Ransomware Attack Forces 5,000 School Websites Offline

A ransomware attack has attacked Finalsite, an internet software company that supplies school districts with website design, hosting, and content management solutions. School districts whose websites hosted by Finalsite realized that they were no longer accessible or were displaying errors earlier this week. Finalsite initially blamed the downtime on “performance challenges” across many services, but the Glastonbury, Connecticut-based Corporation has recently revealed the disruption was caused by ransomware.

The company said in a statement “on Tuesday, January 4th, our team identified the existence of ransomware on specific systems in our environment.” “We took swift action to safeguard our systems and stop the behavior.” With the help of third-party forensic professionals, we swiftly launched an investigation into the incident and began proactively pulling certain systems offline.” Finalsite representative Morgan Delack told TechCrunch that the incident has affected 5,000 of the company’s 8,000 global clients, including school districts in Kansas City, Illinois, and Missouri. 

A Reddit user reported that the incident hindered certain schools from receiving email warnings about school closures due to COVID-19 outbreaks, in addition to website failures. The “great majority of front-facing websites are online,” according to Finalsite’s last status update, albeit “some sites may still lack correct layout, admin log-in capabilities, calendar events, or constituent directories.” The Holy Ghost Preparatory School in Pennsylvania, a Finalsite customer, announced on Friday that while its website is back online, registration forms and the email system are still down.

When the company discovered a problem, it took its customers’ sites offline and rebuilt its system from the ground up in a clean environment, according to a Finalsite spokesperson. “That’s why getting everyone back online is taking so long,” she explained. “The virus issue was not the reason for the sites’ downtime; we took them down to protect our clients’ data.” It is still unclear how the attackers acquired access to Finalist’s computers, and what type of ransomware utilized in the attack. According to TechCrunch, the corporation is still working with a forensic investigator to conduct a full examination.

The firm claims there is “no evidence” that any data was stolen as a result of the ransomware assault, but a spokeswoman for Finalsite declined to explain whether the company has the tools — such as logs — to detect data theft, citing an ongoing investigation. Since the beginning of the pandemic, when many people switched to online-based remote learning, educational institutions, and their providers have become a frequent target for threat actors. Howard University in Washington, D.C., for example, was forced to cancel classes last September after falling victim to a ransomware attack.