A leading School Website Service Provider, FinalSite has suffered a ransomware attack disrupting expiration access to websites for thousands of schools and academies across the world. FinalSite is a software as a service (SaaS) provider that offers website design, hosting, and content management solutions for K-12 school communities and universities. FinalSite argues to provide solutions for over 8,000 schools and institutes across 115 different countries.
At the time, FinalSite did not demonstrate that they had to go through an attack but simply said that they were undergoing an error and “performance issues” across miscellaneous services, affecting mostly their Composer content management system. “This effect may include, but is not defined to, Groups Manager, Constituent Manager, log in, Forms Manager (old), Registration Manager, Directory Elements, Athletics Manager, Calendar Manager,” reads the FinalSite status page.
A school IT administrator told our experts that FinalSite did not provide them with a time frame as to when services would be restored and were forced to send emails to parents alerting them of the outage. “Our website is currently down due to an issue that our service provider is experiencing. We apologize for any inconvenience this may cause you,” read an example outage email shared with Our experts.
Additionally to the website outages, a system administrator shared on Reddit that the attack prevented schools from sending closure notifications due to weather or COVID-19. “Many districts are complaining that they are unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol,” explained the Reddit post.
Outages caused by a ransomware attack
After three days of trouble, FinalSite approved today that a ransomware attack on their network is compelling the trouble. “We are enormously apologetic for this comprehensive interruption and completely recognize the anxiety it is causing your associations. While we have made improvements overnight to get all websites up and running, full rehabilitation has taken us longer than expected.”
“The Finalsite security team monitors our network systems 24 hours a day, seven days a week. On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment.”
“We instantly took steps to protect our systems and to contain the activity. We quickly established an investigation into the event with the assistance of third-party forensic specialists, and began proactively taking certain systems offline.”
Regardless, in a template created by FinalSite that schools can transmit to parents, there is no recognition of the ransomware attack, and just that FinalSite is encountering a “disruption of certain computer systems on its network.” It is not known what ransomware gang conducted the attack on FinalSite and whether data was stolen as part of the attack.
As most enterprise-targeting ransomware operations steal data before encrypting, we will likely learn that data was accessed in a future update. Our expert has contacted FinalSite with further questions about the attack but has not received a response.
Why Education is a Well-known target?
School communities and universities have become famous targets for ransomware procedures over the years. This is especially true for K-12 school districts with very limited allowance and thus manage to have smaller support teams and less security infrastructure to detect close attacks.
“While school districts may not be flush with cash, the fact is that many carry cyber insurance and so can afford to pay demands – and that puts them in the crosshairs”, Emsisoft threat analyst Brett Callow told our experts.
“Last year, 87 incidents disrupted learning at as many as 1,043 individual schools. In 2020, 84 happenings disrupted learning at 1,681 schools. The fact that the average size of the affected communities has reduced could show a correlation between budget size and in security level.”
