Finalsite Ransomware Attack Freezes Thousands of School Websites

A major cyber attack on Finalsite, a leading school platform provider, disrupted thousands of schools worldwide over several days this week.

Finalsite offers website, communications, enrollment and marketing platforms to more than 8,000 schools and universities in 115 countries around the world.

On Jan. 4, an unexpected hit to its IT infrastructure took down its clients’ education websites and services.

For two days, the firm used its status page to keep clients in the loop about its progress in restoring functionality, only to admit on Thursday that it had suffered a ransomware attack – and knew about it, but kept it a secret as investigations were still ongoing.

“On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment,” Finalsite officials said. “We immediately took steps to secure our systems and to contain the activity. We quickly launched an investigation into the event with the assistance of third-party forensic specialists, and began proactively taking certain systems offline.”

The issue affected Finalsite’s legacy modules, including Groups Manager, Constituent Manager, Login, Forms Manager, Registration Manager, Directory Elements, Athletics Manager, and Calendar Manager.

“Due to the nature of the investigation, we were unable to share this information with you until now,” the notice said. “We are taking steps to secure the environment and ensure this type of incident does not occur again. We will share more details with you as we learn more.”

Because of the outages, many districts have been unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol, according to a Reddit thread.

Finalsite says it has no evidence that its data or client data has been compromised, and that the company still has full access to its files and data, meaning the attack has not been 100% successful.

However, there is no telling if the attackers might have actually copied data and threatened to leak it if they don’t get a ransom.