A school website services provider called FinalSite has experienced a ransomware attack resulting in numerous shutdowns of school websites globally.
The website services provider is a SaaS (software-as-a-service) that offers website makeover, hosting, design, and content management solutions for senior high school districts and universities. FinalSite has provided website solutions for approximately 8,000 academic institutions in over 100 distinct countries worldwide.
In January 2022, some school districts that hosted their sites with FinalSite discovered they were no longer accessible or were making errors. However, FinalSite did not reveal that they had experienced a ransomware attack. Instead, they claimed they suffered a performance issue across multiple services that affected their Composer content management system.
FinalSite stated in their status page that their “performance issue” was affected but was not limited to Logins, old Forms Manager, Registration Manager, Directory Elements, Groups Manager, Athletics Manager, Calendar Manager, and Constituent Manager.
One of the impacted schools’ IT administrators said in an interview that FinalSite did not give them a schedule as to when the company would fix the services. Hence, their schools were forced to send notification emails to parents regarding the shutdown of their websites.
After three days of the site outage, FinalSite has finally admitted that a ransomware attack disrupted school websites.
According to the website services provider, they are sorry for the extended outage, and they know the stress it caused to the affected academic institutions. However, even though they made progress in getting all the websites back in their standard operation, full recovery of the entire network might take a while.
Additionally, FinalSite has assured everyone that their security team monitors their network 24/7, and recently, their cybersecurity team identified the existence of ransomware on specific systems in their environment.
They promised all their clients that they immediately took preventive measures to secure their systems and obstruct ransomware activity. Also, they instantly deployed an investigation of the event with the aid of third-party experts and started proactively taking systems offline.
It is currently unknown whether the ransomware attackers have stolen data on the affected websites of several academic institutions.
Since most ransomware attacks that target enterprises are for data encryption, it may be possible that the operation of the threat actors has stolen some data and will encrypt them soon.
