Finalsite, an internet software house that provides school districts with website design, hosting and content management solutions, has been hit by a ransomware attack.
Earlier this week, school districts whose websites are hosted by Finalsite found they were no longer accessible or exhibited errors. While Finalsite at the time blamed the problems on “performance difficulties” across different services, the Glastonbury, Connecticut-based company confirmed that the outage was caused by ransomware.
“On Tuesday, January 4th, our team identified the presence of ransomware on certain systems in our environment” the company said in a statement. “We immediately took steps to secure our systems and contain activity. We quickly launched an investigation into the event with the help of third-party forensic experts and began proactively taking certain systems offline.”
Finalsite spokesperson Morgan Delack told Ploonge that 5,000 of its 8,000 global customers – including school districts in Kansas City, Illinois and Missouri – were affected by the incident. In addition to site interruptions, a Reddit user claimed the incident also prevented some schools from sending email notifications about school closures due to outbreaks of COVID-19.
In its latest status update, FinalSite says that “the vast majority of front-end sites are online”, although it notes that “some sites may still not have proper styling, admin login functionality, calendar events or constituent directories”. A Finalsite client, Espírito Santo Preparatory School in Pennsylvania, he said on Friday while your site is back online, the application forms and our email system remain unavailable.
Finalsite’s spokesman said the company shut down its customers’ websites when it noticed a problem and rebuilt its system in a clean environment from scratch. “That’s why it’s taking so long to get everyone back online,” she said. “The malware problem isn’t what caused sites to go down – we took them down to protect our customers’ data.”
It remains unclear how the attackers gained access to Finalist systems, and it remains unclear what ransomware was used in the attack. The company told Ploonge that it continues to work with a forensic specialist to complete a full investigation.
Delack added that there is “no evidence” to suggest that any data was compromised as a result of the ransomware attack, but declined to say whether Finalsite has the means – such as logs – to detect data exfiltration citing an ongoing investigation . .
Educational institutions and their providers have become a popular target for threat actors since the onset of the pandemic, which has caused many to switch to online remote learning. Last September, for example, the Howard University of Washington, DC was forced to cancel classes after falling victim to a ransomware attack.