Thousands of Schools Impacted After IT Provider Hit by Ransomware

A leading provider of school website infrastructure has been hit by a ransomware attack, potentially disrupting thousands of global customers.

Finalsite claims to serve over 8000 schools worldwide, offering content management, communications, mobile and enrolment software.

A message posted by the firm on Twitter yesterday apologized for the “prolonged outage” customers have been forced to endure as a result of the attack.

“The Finalsite security team monitors our network systems 24 hours a day, seven days a week. On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment,” it explained.

“In the time since the incident, our security, infrastructure and engineering teams have been working around the clock to restore backup systems and bring our network back to full performance, in a safe and secure manner.”

Finalsite claimed it had uncovered no evidence that data had been stolen as part of the raid but admitted that forensic work was still ongoing.

Double extortion involving the threat of leaking stolen data is now the norm for such attacks, according to ransomware experts.

According to Coveware, over 80% of attacks in Q3 involved the theft of corporate information alongside file encryption.

There’s no sign of exactly how many schools have been impacted by the attack, although a Reddit user claimed around 2,200 might have been disrupted.

“With numbers like this, there’s a good chance that a school in your town is affected. Many districts are complaining that they are unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol,” they added.

“The impact of this outage is far greater than the attention it has received.”

There’s no indication of whether Finalsite is engaging with its attackers or when customers can expect a restoration of services

What’s Hot on Infosecurity Magazine?