[TheRecord] FinalSite discloses ransomware attack that crippled websites for 8,000 schools

A ransomware attack on FinalSite, a cloud-based web hosting provider specializing in school and educational websites, has crippled the school portals and web services of more than 8,000 schools across more than 110 countries.

“On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment,” FinalSite said in a status update last night.

Despite the prolonged outage that has impacted thousands of schools, the company said it couldn’t disclose the incident until yesterday due to an ongoing investigation.

FinalSite said it has taken affected systems offline and has already recovered and restored most of the affected websites.

“While we still have work to do, the vast majority of front-facing websites are online. Some sites may still lack proper styling, admin log-in functionality, calendar events, or constituent directories, but the team is currently working to restore these elements,” it said.

An important message from Finalsite: pic.twitter.com/BXW5dzfJS3

— Finalsite (@Finalsite) January 6, 2022

Some schools were severely impacted

But the incident has had a severe impact on schools that use FinalSite, many of which have lost the ability to notify parents by email or through messages posted on their main sites.

“Many districts are complaining that they are unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol,” one of the FinalSite customers said in a Reddit thread last night, after the company disclosed the attack.

Some schools had backup notification systems in place, but their activity was still disrupted, albeit in a more limited fashion.

Update 9:45 am (1/5): Our website provider is still experiencing widespread technical issues. The Prep’s website is down & access to Canvas is limited. Today’s school day is running as scheduled and our phone & email systems remain operational. We will continue to share updates,

— St. John’s Prep (@stjohnsprep) January 5, 2022

“It’s mostly about transparency. They [FinalSite] haven’t told us anything important except they had an outage,” one of the FinalSite customers told The Record via Reddit. “Outages are usually one or two hours long. We were not prepared. We thought we’d have everything up and running by the end of the day, not week.”

FinalSite is restoring from backups

FinalSite said that despite the crippling attack, which encrypted some of its servers, it is now successfully restoring from backups.

“We have full access to our files and data. The forensic investigation is ongoing and at this time, we have no evidence that our data or client data has been taken,” FinalSite said yesterday.

No details are currently available about how the attackers gained access to FinalSite’s infrastructure or what type of ransomware was used in the attack. The company promised to share more details as it deals with the attack’s aftermath and restores affected systems.

The post FinalSite discloses ransomware attack that crippled websites for 8,000 schools appeared first on The Record by Recorded Future.
