FinalSite ransomware attack shuts down 5000 school sites

The school website service provider is the latest victim in an increasing number of educational institutes to suffer ransomware attacks

Leading school website service provider FinalSite suffered a ransomware attack this week, disrupting online access for thousands of educational institutions worldwide. 

FinalSite is a software as a service (SaaS) provider that covers website design, hosting, and content management solutions for K-12 schools and universities. 

Schools that use FinalSite to host their websites were met with display errors or simply found that their services were no longer reachable due to the attack. 

The platform did not disclose the information at the time, stating that they were experiencing error and “performance issues” that was mostly affecting their Composer content management system. 

After three days of disruption to their services, FinalSite confirmed the ransomware attack today. 

FinalSite apologises 

Spanning across 8000 institutions within 115 countries, FinalSite updated their users with an apology today: 

We are incredibly sorry for this prolonged outage and fully realize the stress it is causing your organizations. While we have made progress overnight to get all websites up and running, full restoration has taken us longer than anticipated,” the status update read. 

“The FinalSite security team monitors our network systems 24 hours a day, seven days a week. On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment.” 

“We immediately took steps to secure our systems and to contain the activity. We quickly launched an investigation into the event with the assistance of third-party forensic specialists, and began proactively taking certain systems offline.” 

FinalSite also created a template that schools can send to parents which describes a “disruption of certain computer systems on its network,” but does not mention the attack. 

It is not currently known which group was involved in the attack on FinalSite, or whether any data was compromised. 

An easy target 

Educational institutes have become a popular target for ransomware attacks in recent years, especially so for K-12 schools with limited funding and less security infrastructure. 

Danny Lopez, CEO of Glasswall comments: “Reports of the education sector being the victim of cyber attacks have become increasingly common over the last two years. News like this regarding FinalSite is concerning considering the extensive damage that can be caused in terms of lost data – for both students and staff – and access to vital educational services.  

“Educational institutions should adopt a ‘defence-in-depth’ approach to cybersecurity, as advised by the NCSC. This means using multiple layers of defence with several mitigations, which creates more opportunities to detect malware and prevent it from doing widespread harm to the institution. 

“But even when all procedures and policies are well-executed, there’s no escaping the fact that adversaries are constantly looking to probe vulnerabilities. Often this is as simple as inserting malware using documents and files shared in their hundreds every day in an educational environment. It’s vital these organisations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing all users to do their vital work. 

“Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers, it is crucial to strengthen all processes relating to access verification. Without a zero-trust approach, organisations run the risk of attackers having a free reign across a network once they are inside.”

You might also like: Cyber safety is just as important as emergency response preparation, say British parents

Leave a Reply

How to secure MATs against cyber attacks

Download the Sophos FREE guide today