FinalSite ransomware attack shuts down thousands of school websites
"FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide.
FinalSite is a software as a service (SaaS) provider that offers website design, hosting, and content management solutions for K-12 school districts and universities. FinalSite claims to provide solutions for over 8,000 schools and universities across 115 different countries.
On Tuesday, school districts that hosted their websites with FinalSite found that they were no longer reachable or were displaying errors.
At the time, FinalSite did not disclose that they had suffered an attack but simply said that they were experiencing error and "performance issues" across various services, affecting mostly their Composer content management system.
"This impact may include, but is not limited to, Groups Manager, Constituent Manager, Login, Forms Manager (old), Registration Manager, Directory Elements, Athletics Manager, Calendar Manager," reads the FinalSite status page.
A school IT administrator told BleepingComputer that FinalSite did not provide them with a time frame as to when services would be restored and were forced to send emails to parents alerting them of the outage.
"Our website is currently down due to an issue that our service provider is experiencing. We apologize for any inconvenience this may cause you," read an example outage email shared with BleepingComputer.
In addition to the website outages, a system administrator shared on Reddit that the attack prevented schools from sending closure notifications due to weather or COVID-19.
"Many districts are complaining that they are unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol," explained the Reddit post.
Outages caused by a ransomware attack
After three days of disruption, FinalSite confirmed today that a ransomware attack on their network is causing the outages.
"We are incredibly sorry for this prolonged outage and fully realize the stress it is causing your organizations. While we have made progress overnight to get all websites up and running, full restoration has taken us longer than anticipated," FinalSite apologized in a status update today.
"The Finalsite security team monitors our network systems 24 hours a day, seven days a week. On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment."
"We immediately took steps to secure our systems and to contain the activity. We quickly launched an investigation into the event with the assistance of third-party forensic specialists, and began proactively taking certain systems offline."
However, in a template created by FinalSite that schools can send to parents, there is no mention of the ransomware attack, and just that FinalSite is experiencing a "disruption of certain computer systems on its network."
[...] Morgan Delack, the Director of Communications for FinalSite, told BleepingComputer that they proactively shut down their IT systems to prevent the spread of the attack, which led to approximately 5,000 school websites going offline. . .
While Delack could not share the name of the ransomware operation due to ongoing investigations, BleepingComputer was told that there is no evidence of data being compromised, and they are continuing to investigate with a third-party cybersecurity firm.
As most enterprise-targeting ransomware operations steal data before encrypting, we will likely learn in the future if data was accessed in a future update.
If you have first-hand information about this attack or other cyberattacks, you can confidentially contact us on Signal at +16469613731, Wire at @lawrenceabrams-bc, or Jabber at lawrence.abrams@anonym.im.
NOTE:
Education is a popular target
School districts and universities have become a popular target for ransomware operations over the years.
This is especially true for K-12 school districts with very limited funding and thus tend to have smaller support teams and less security infrastructure to detect imminent attacks.
"While school districts may not be flush with cash, the fact is that many carry cyber insurance and so can afford to pay demands - and that puts them in the crosshairs", Emsisoft threat analyst Brett Callow told BleepingComputer.
"Last year, 87 incidents disrupted learning at as many as 1,043 individual schools. In 2020, 84 incidents disrupted learning at 1,681 schools. The fact that the average size of the impacted districts has decreased could indicate a correlation between budget size and (in)security level."
"The bigger the district, the bigger the security budget and the better the security that's in place."
1/7/21: Added statement from FinalStite
========================================================================
LATEST ARTICLES
The Week in Ransomware - January 7th 2022 - Watch out for USB drives
With the holidays these past two weeks, there have been only a few known ransomware attacks and little research released. Here is what we know.
- January 07, 2022
- 05:50 PM
- 0
SonicWall: Y2K22 bug hits Email Security, firewall products
SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1, 2022.
- January 07, 2022
- 04:56 PM
- 0
Study to be an ethical hacker with this $20 certification training
These ethical hacking courses in this training are $200 apiece individually, but for a limited time, you can get the entire bundle today for just $20.
- January 07, 2022
- 04:47 PM
- 0
FBI: Hackers use BadUSB to target defense firms with ransomware
The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group targeted the US defense industry with packages containing malicious USB devices to deploy ransomware.
- January 07, 2022
- 01:14 PM
- 1
FluBot malware now targets Europe posing as Flash Player app
The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features.
- January 07, 2022
- 12:37 PM
- 0
Diversity job board Canvas.com ordered to stop using domain name
Diversity recruiting site Canvas.com has been ordered by a U.S. District judge to drop the use of the domain name over a trademark dispute.
- January 07, 2022
- 11:52 AM
- 0
US counterintelligence shares tips to block spyware attacks
The US National Counterintelligence and Security Center (NCSC) and the Department of State have jointly published guidance on defending against attacks using commercial surveillance tools.
- January 07, 2022
- 11:22 AM
- 0
NHS warns of hackers exploiting Log4Shell in VMware Horizon
UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits.
- January 07, 2022
- 09:29 AM
- 0
QNAP warns of ransomware targeting Internet-exposed NAS devices
QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks.
- January 07, 2022
- 08:20 AM
- 0
Train for a career in cybersecurity with this $20 CompTIA course bundle
The 2022 Premium CompTIA CyberSecurity and Security+ Exam Prep Bundle can help get you started with its 6 jampacked courses focused on cybersecurity and CompTIA certification prep. The courses are $200 individually, but you can get the bundle today for only $20.
- January 07, 2022
- 07:15 AM
No comments:
Post a Comment