FinalSite released the results of a six-day investigation into last week’s ransomware attack, claiming there was no proof that hackers accessed or stole data from schools.
FinalSite is a Software-as-a-Service (SaaS) company that provides website hosting, design, and content management systems to educational institutions like K-12 schools and universities. On Tuesday, it was hit by ransomware, forcing them to shut down their IT infrastructure, including web servers that host clients’ websites. Approximately 5,000 school websites, including 3,000 for public school districts in the United States, were taken down due to this.
FinalSite claimed in a press conference that they recruited Mullen Coughlin LLC’s privacy attorneys and Charles River Associates’ cyber forensic investigators to look into the cyberattack. After a six-day investigation, FinalSite identified the ransomware gang responsible for the attack and how they obtained access to their network. Still, they won’t reveal their identities due to continuing investigations. FinalSite is reportedly sure that no “customer data” was accessed or taken during the ransomware attack, as per the article.
“After six days of investigation, we know when the threat actor entered, how they entered, and what they looked at. We are confident in saying that no client data has been viewed, compromised or extracted,” the FinalSite’s investigation report says.
“During the remaining course of the investigation, if we determine otherwise, we’ll act swiftly to notify you and take appropriate action.”
According to the company, customers who employ FinalSite’s service do not save sensitive information such as academic records, social security numbers, payment information, or personal information. However, depending on the services used, some sites may save demographic data such as names, email addresses, and phone numbers. While the threat actors may not have taken client information, the hackers most certainly took FinalSite’s business data during the attack.
When ransomware gangs infiltrate corporate networks, they frequently stay for days, if not weeks, before encrypting devices. Threat actors steal data from the victim during this period and use it as leverage when seeking a ransom payment. If data from FinalSite is taken, the threat actors would almost certainly post it on a data leak site until a ransom is paid. While this is great news for school districts, parents, and children, it is unclear if the attack compromised employee data.