Ransomware Attack Suffered by FinalSite Shuts Down Thousands of Websites
The Website Service Provider Has Been the Victim of an Attack that Disrupted Access to Websites for Thousands of Schools Worldwide.
FinalSite is a software as a service (SaaS) company that provides K-12 school districts and institutions with website design, hosting, and content management solutions. FinalSite apparently provides solutions for over 8,000 institutions and colleges in 115 countries.
Recently, school districts whose websites were hosted by FinalSite discovered that their sites were no longer accessible or were displaying errors.
FinalSite did not reveal at the time that it had been attacked, instead stating that it was experiencing errors and “performance difficulties” across different services, primarily its Composer content management system.
We are currently investigating an issue leading to increased error rates and performance issues across our legacy modules, and our team is investigating a fix as a critical priority. We’ll provide additional updates as soon as we have them.
This impact may include, but is not limited to, Groups Manager, Constituent Manager, Login, Forms Manager (old), Registration Manager, Directory Elements, Athletics Manager, Calendar Manager.
BleepingComputer observed that FinalSite did not give school IT administrators a time window for when services would be restored, forcing them to send out emails informing parents of the outage.
Our website is currently down due to an issue that our service provider is experiencing. We apologize for any inconvenience this may cause you.
System administrators also took to Reddit to discuss the fact that the attack prevented schools from sending closure notifications due to weather or COVID-19.
Normally it’s not all that interesting to write a post saying $provider is down. But in this case, the outage is so broad and so long, that it’s surprising how little attention it has gotten.
Around noon on January 4, school websites hosted by Finalsite went down. 3 days later they are still mostly down, and have finally admitted that the outage is caused by a Ransomware attack.
They host about 2,200 sites. With numbers like this, there’s a good chance that a school in your town is affected.
Many districts are complaining that they are unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol.
The impact of this outage is far greater than the attention it has received.
FinalSite confirmed that a ransomware attack on its network is the cause of the outages.
We are incredibly sorry for this prolonged outage and fully realize the stress it is causing your organization. While we have made progress overnight to get all websites up and running, full restoration has taken us longer than anticipated.
The Finalsite security team monitors our network systems 24 hours a day, seven days a week. On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment. We immediately took steps to secure our systems and to contain the activity. We quickly launched an investigation into the event with the assistance of third-party forensic specialists and began proactively taking certain systems offline.
In the ensuing time since the incident, our security, infrastructure, and engineering teams have been working around the clock to restore backup systems and bring our network back to full performance, in a safe and secure manner. Third-party forensic specialists are assisting us in bringing things back slowly and carefully to ensure the environment is safe and stable.
We have full access to our files and data. The forensic investigation is ongoing and at this time, we have no evidence that our data or client data has been taken. If we determine otherwise through the course of the investigation, we’ll act swiftly to notify you and will take all appropriate actions.
I want to assure you that the integrity, safety, and security of our network and the information held in our care are amongst our top priorities. Due to the nature of the investigation, we were unable to share this information with you until now. We are taking steps to secure the environment and ensure this type of incident does not occur again. We will share more details with you as we learn more.
At this time, it is unknown which ransomware gang conducted the attack on FinalSite and whether any data was stolen.
How Can Heimdal™ Help?
In the fight against ransomware, Heimdal™ Security offers its customers an outstanding integrated cybersecurity suite that includes the Ransomware Encryption Protection module, which is universally compatible with any antivirus solution and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).