School Websites Down for Days
Last week, a ransomware attack on education software-as-a-service (SaaS) provider FinalSite forced 5,000 school websites offline. Schools use FinalSite to manage school communication and strengthen their online presence. The hosting provider claims to have more than 8,000 schools as customers in over 100 countries. On January 4, however, hackers managed to install ransomware on certain systems. FinalSite immediately took action. In the process, unfortunately, thousands of its clients lost access to their websites and accompanying online services. This happened at a time just as students prepared to return to school after the Christmas holidays. The ransomware attack affected several systems. Consequently, it took multiple days to fully restore user access. On January 7, the vast majority of sites’ front ends were up and running again, albeit with styling and functional issues. It took another two days to restore admin access.
“Determined Who the Threat Actor is”
FinalSite has not yet released exact details of the attack. However, the company did confirm that they engaged a third-party security expert to investigate the source of the disruption and to restore full functionality as soon as possible. In a forensic investigation statement posted on Twitter, Jonathan Moser, CEO and Founder of FinalSite, explained that, so far, they:
Have determined who the threat actor is Have contained all threat actor activity Knew how the threat actor gained access to their systems on 4 January, 2021
Furthermore, the company confirmed that they have taken measures to prevent a recurrence of such an incident. To be clear, it was not the ransomware itself that took school websites offline, but the actions of FinalSite in order to rebuild websites from back-ups in a new and secure environment.
No School Data Stolen
A week-long investigation into the incident confirmed that there is no evidence of any data having been viewed, accessed, or stolen by hackers. “FinalSite does not transmit or store any credit card data. FinalSite does not store academic records, social security numbers, or any other confidential information,” explained Morgan Delack of FinalSite in a press release. Nonetheless, some schools may host other types of data, like names and addresses. It is also unclear whether the hackers compromised any corporate information. The investigation is still ongoing and could take another couple of weeks. FinalSite expects, however, that the remainder of the investigation will only confirm their findings. “Should there be variance in our findings through the remainder of the investigation, we will promptly inform clients and take appropriate next steps,” concluded Moser.
Spike in School Website Hacks
Ironically, FinalSite recently posted a blog about the spike in school website hacks. The five most common intrusions affecting school websites, according to the service provider, are DDoS attacks, phishing attempts, malware, brute force attacks, and non-targeted website attacks.