Ultimate website ransomware attack affects 5,000 offline school websites - TechCrunch
Finalsite, an internet software house that provides website design, hosting and content management solutions to school districts, has been hit by a ransomware attack.
Earlier this week, school districts that have websites hosted by Finalsite found that they were no longer available or that they were displaying errors. While Finalsite blamed the "performance problems" across various services, the Glastonbury, Connecticut - based company has since confirmed that the breach was caused by ransomware.
"On Tuesday, January 4, our team identified the presence of ransomware on some systems in our environment," the company said in a statement. We quickly launched an investigation into the incident with the support of third party forensic experts, and proactively began deploying some systems offline. ”
A spokesman for the latest site, Morgan Delack, told TechCrunch that the event affected 5,000 of their 8,000 global customers - including school districts in Kansas City, Illinois, and Missouri. In addition to a website breach, one Reddit user reported that the incident prevented some schools from sending email notifications about school closures as a result of the COVID-19 revolution.
In its latest status update, Finalsite states that "most face-to-face websites are online," although it says "some sites may not have the right style yet , ability to log administration, calendar events, or shared records. ”One Finalsite Buyer, Pennsylvania Holy Spirit Preparatory School, said on Friday even though its website is back online, registration forms and the email system are not yet available.
A Finalsite spokesman said the site company took its customers offline when they noticed a problem and built their system in a clean environment from the ground up. "That's why it takes time for everyone to get back online," she said. "It was not a malware issue that caused sites to go down - we took them down to protect our messenger data."
It is not clear how the attackers gained access to Finalist systems, and it is not yet known what type of ransomware was used in the attack. The company tells TechCrunch that they are continuing to work with a forensic expert to complete a detailed investigation.
The company said there was "no evidence" that any data had been taken as a result of the ransomware attack, but the spokesman declined to say whether Finalsite - such as logs - had the means to escape the data, citing ongoing study.
Educational institutions and their providers have become a popular target of threat actors since the outbreak of the pandemic, which has seen many move to online-based distance learning. Last September, for example, Howard University in Washington, DC had to cancel classes after suffering a ransomware attack.