FinalSite discloses ransomware attack that crippled websites for 8,000 schools

A ransomware attack on FinalSite, a cloud-based web hosting provider specialized in school and educational websites, has crippled the school portals and web services of more than 8,000 schools across more than 110 countries.

"On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment," FinalSite said in a status update last night.

Despite the prolonged outage that has impacted thousands of schools, the company said it couldn't disclose the incident until yesterday due to an ongoing investigation.

FinalSite said it has taken affected systems offline and has recovered and restored most affected websites already.

"While we still have work to do, the vast majority of front-facing websites are online. Some sites may still lack proper styling, admin log-in functionality, calendar events, or constituent directories, but the team is currently working to restore these elements," it said.

Some schools were severely impacted

But the incident has had a severe impact on schools that use FinalSite, many of which have lost the ability to notify parents by email or through messages posted on their main sites.

"Many districts are complaining that they are unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol," one of the FinalSite customers said in a Reddit thread last night, after the company disclosed the attack.

Some schools had backup notification systems in place, but even so, their activity was still disrupted either way, even if in a more limited fashion.

"It's mostly about transparency. They [FinalSite] haven't told us anything important except they had an outage," one of the FinalSite customers told The Record via Reddit. "Outages are usually one or two hours long. We were not prepared. We thought we'd have everything up and running by the end of the day, not week."

FinalSite is restoring from backups

Nevertheless, FinalSite said that despite the crippling attack that has encrypted some of their servers, they are now successfully restoring from backups.

"We have full access to our files and data. The forensic investigation is ongoing and at this time, we have no evidence that our data or client data has been taken," FinalSite said yesterday.

No details are currently available about how the attackers gained access to FinalSite's infrastructure or what type of ransomware was used in the attack. The company promised to share more details as it deals with the attack's aftermath and restores affected systems.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.