Thousands of schools impacted due to ransomware attack on IT provider

FinalSite hit by ransomware that resulted in the shutdown of school websites

Ransomware attacks obstructed the systems of FinalSite that provides solutions for 8000 schools.

The ransomware attack disturbed access to websites for thousands of schools worldwide.^[1] The company claims to serve over 8000 schools worldwide and offers content management, communications, mobile, and enrolment software. The Twitter post from the firm included the apology for the outage and stated that the attack is the reason customers were forced to endure this issue.^[2]

The security team monitored systems, and the presence of ransomware was indicated on January 4. Specialists have been working since then to ensure that backups are restored and the system is brought out back to full performance. It is not confirmed, but the company states data was not stolen. However, the investigation is still ongoing, and the forensics analysis needs to determine real damages.

The ransomware was not identified, and particular details about the attack still should be released to the public or customers. The duouble-extortion^[3] method, when the money demand for files is not the only blackmail that users encounter, is popular among new ransomware strains. Threats leak stolen data and demand another sum when decryption offers from cybercriminals are not met.

Three days of outage across 115 countries

FinalSite is the software as a service provider that offers content management, hosting, website design solutions. School districts that hosted their websites found that sites were not accessible and delivered errors. The ransomware attack first was not disclosed by the company, they only informed about the issues affecting mainly Composer content management system.

This impact may include, but is not limited to, Groups Manager, Constituent Manager, Login, Forms Manager (old), Registration Manager, Directory Elements, Athletics Manager, Calendar Manager.

Unfortunately, IT administrators at the affected schools were not provided any time frame or how the services should be restored. The administration was forced to send emails about the outage themselves to parents. The outage due to this ransomware attack led to the failure of a notification system that is used to send out alerts about the weather or COVID-19 protocols.^[4]

The growth of ransomware attacks targeting enterprises

Unfortunately, education is a popular target for these cryptocurrency-extortionists. These ransomware operations have been affecting systems related to schools and universities.^[5] It is common for K-12 school districts since they have very limited funding and have smaller support teams, fewer security infrastructures that could help with attack and malware detections.

The fact that these schools lack funds and cash does not mean that cyber insurance is the thing these institutions do not afford. This might be the issue that drives threat actors towards targets like this. Bigger district schools might not be so vulnerable and potentially attacks can be successful when the security measures are at the lower level.

Companies get hit by ransomware, and various giants in media, healthcare industries suffer the consequences of these attacks. Those can start with financial losses when the ransom demand is paid for the decryption, which is rarely possible and completed.

Unfortunately, these ransomware gangs that target the bigger companies demand huge sums coming to millions. These expenses can be doubled when security measures need to take place too. When data is lost and even leaked, issues can overfilled. The avoidance of major issues and consequences of such attacks is the big reason why people and enterprises need to implement precautionary measures.