Thousands of School Websites Are Down Due to FinalSite Ransomware Attack

Thousands of School Websites Are Down Due to FinalSite Ransomware Attack

FinalSite, a prominent school website services provider, reveals that a ransomware attack has disrupted access to websites for thousands of schools globally. FinalSite is a software-as-a-service (SaaS) company that provides K-12 school districts and institutions with website design, hosting, and content management solutions. It claims to have solutions in place for more than 8,000 institutions and colleges in 115 countries.

On Tuesday, school districts that used FinalSite to host their websites discovered that they were no longer accessible or showing errors. FinalSite didn’t reveal that they had been attacked at the time. Instead, they confirmed having errors and “performance issues” across some services, most of which were hurting their Composer content management system.

According to a school IT administrator, FinalSite did not specify a time range for when services would be restored, and they were compelled to send letters to parents informing them of the outage. A system administrator reported on Reddit that the attack prohibited schools from issuing closure alerts due to weather or COVID-19, in addition to the website disruptions.

“Many districts are complaining that they are unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol,” clarified the Reddit post.

FinalSite recently revealed that a ransomware attack on their network is to blame for the disruptions, which have lasted three days. However, the ransomware attack is not mentioned in a template made by FinalSite that schools can send to parents, instead stating that FinalSite is experiencing “disruption of certain computer systems on its network.”

It’s unclear which ransomware group attacked FinalSite or whether any data was taken as a result of the attack. Whether the data was accessed or not will be found in a subsequent update because most enterprise-targeting ransomware operations take data before encrypting. FinalSite was approached with more inquiries concerning the attack, but no answer was obtained.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.


Share on facebook
Share on twitter
Share on linkedin