Finalsite, a Software-as-a-Service (SaaS) provider used by thousands of K-12 school districts and universities in the US, has suffered a ransomware attack that left many of its services inoperational, and thousands of school websites inaccessible for days.
Many school sites first became inaccessible earlier this week, but the company did not immediately confirm it had been hit by ransomware. Instead, it notified schools of certain “performance issues”, affecting a number of its services, such as Groups Manager, Constituent Manager, Login, Forms Manager (old), Registration Manager, Directory Elements, Athletics Manager, Calendar Manager, with schools even prevented from sending out emergency notifications to parents,
But now, three days after the initial alert, Finalsite has apologized for the mess and confirmed it was the target of a ransomware attack:
Ransomware disrupts multiple services
“While we have made progress overnight to get all websites up and running, full restoration has taken us longer than anticipated,” today’s status update reads. “On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment.”
According to the status update, the ransomware has been “contained”, and an investigation is underway, together with a third-party forensic specialist.
Finalsite is yet to disclose which ransomware group is behind the attack, which malware it used to compromise the network, what the ransom demand is, or whether it plans on paying it or not. Given the standard modus operandi of ransomware groups these days, it’s safe to presume that the company’s sensitive data has been stolen and that it will be published online, unless the demands are met.
Schools aren’t exactly rich, but most of them have cyber insurance to cover the expenses, and ransomware operators know it, Emsisoft threat analyst Brett Callow told BleepingComputer.
“Last year, 87 incidents disrupted learning at as many as 1,043 individual schools. In 2020, 84 incidents disrupted learning at 1,681 schools. The fact that the average size of the impacted districts has decreased could indicate a correlation between budget size and (in)security level.”
“The bigger the district, the bigger the security budget and the better the security that’s in place,” he concluded.