08 January 2022

Ransomware Attacks: Thousands of School Websites Worldwide Disrupted | Bleeping Computer

First and capping-off the entire week is this report from Lawrence Abrams, then the latest articles

FinalSite ransomware attack shuts down thousands of school websites

"FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide.

FinalSite is a software as a service (SaaS) provider that offers website design, hosting, and content management solutions for K-12 school districts and universities. FinalSite claims to provide solutions for over 8,000 schools and universities across 115 different countries.

On Tuesday, school districts that hosted their websites with FinalSite found that they were no longer reachable or were displaying errors.

At the time, FinalSite did not disclose that they had suffered an attack but simply said that they were experiencing error and "performance issues" across various services, affecting mostly their Composer content management system. 

"This impact may include, but is not limited to, Groups Manager, Constituent Manager, Login, Forms Manager (old), Registration Manager, Directory Elements, Athletics Manager, Calendar Manager," reads the FinalSite status page.

A school IT administrator told BleepingComputer that FinalSite did not provide them with a time frame as to when services would be restored and were forced to send emails to parents alerting them of the outage.

"Our website is currently down due to an issue that our service provider is experiencing. We apologize for any inconvenience this may cause you," read an example outage email shared with BleepingComputer.

In addition to the website outages, a system administrator shared on Reddit that the attack prevented schools from sending closure notifications due to weather or COVID-19.

"Many districts are complaining that they are unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol," explained the Reddit post.

Outages caused by a ransomware attack

After three days of disruption, FinalSite confirmed today that a ransomware attack on their network is causing the outages.

"We are incredibly sorry for this prolonged outage and fully realize the stress it is causing your organizations. While we have made progress overnight to get all websites up and running, full restoration has taken us longer than anticipated," FinalSite apologized in a status update today.

"The Finalsite security team monitors our network systems 24 hours a day, seven days a week. On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment."

"We immediately took steps to secure our systems and to contain the activity. We quickly launched an investigation into the event with the assistance of third-party forensic specialists, and began proactively taking certain systems offline."

However, in a template created by FinalSite that schools can send to parents, there is no mention of the ransomware attack, and just that FinalSite is experiencing a "disruption of certain computer systems on its network."
[...] Morgan Delack, the Director of Communications for FinalSite, told BleepingComputer that they proactively shut down their IT systems to prevent the spread of the attack, which led to approximately 5,000 school websites going offline. . .

While Delack could not share the name of the ransomware operation due to ongoing investigations, BleepingComputer was told that there is no evidence of data being compromised, and they are continuing to investigate with a third-party cybersecurity firm.

As most enterprise-targeting ransomware operations steal data before encrypting, we will likely learn in the future if data was accessed in a future update.

If you have first-hand information about this attack or other cyberattacks, you can confidentially contact us on Signal at +16469613731, Wire at @lawrenceabrams-bc, or Jabber at lawrence.abrams@anonym.im.

NOTE:

Education is a popular target

School districts and universities have become a popular target for ransomware operations over the years.

This is especially true for K-12 school districts with very limited funding and thus tend to have smaller support teams and less security infrastructure to detect imminent attacks.

"While school districts may not be flush with cash, the fact is that many carry cyber insurance and so can afford to pay demands - and that puts them in the crosshairs", Emsisoft threat analyst Brett Callow told BleepingComputer.

"Last year, 87 incidents disrupted learning at as many as 1,043 individual schools. In 2020, 84 incidents disrupted learning at 1,681 schools. The fact that the average size of the impacted districts has decreased could indicate a correlation between budget size and (in)security level."

"The bigger the district, the bigger the security budget and the better the security that's in place."

1/7/21: Added statement from FinalStite

========================================================================

LATEST ARTICLES

Ransomware

The Week in Ransomware - January 7th 2022 - Watch out for USB drives

With the holidays these past two weeks, there have been only a few known ransomware attacks and little research released. Here is what we know.

  • SonicWall

    SonicWall: Y2K22 bug hits Email Security, firewall products

    SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1, 2022.

  • Cybersecurity ethical hacking penetration testing

    Study to be an ethical hacker with this $20 certification training

    These ethical hacking courses in this training are $200 apiece individually, but for a limited time, you can get the entire bundle today for just $20.

    • BleepingComputer Deals
    • January 07, 2022
    • 04:47 PM
    • Comment 0
  • FIN7

    FBI: Hackers use BadUSB to target defense firms with ransomware

    The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group targeted the US defense industry with packages containing malicious USB devices to deploy ransomware.

  • Android

    FluBot malware now targets Europe posing as Flash Player app

    The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features.

  • Domain Name Internet ICANN

    Diversity job board Canvas.com ordered to stop using domain name

    Diversity recruiting site Canvas.com has been ordered by a U.S. District judge to drop the use of the domain name over a trademark dispute.

  • US NCSC

    US counterintelligence shares tips to block spyware attacks

    The US National Counterintelligence and Security Center (NCSC) and the Department of State have jointly published guidance on defending against attacks using commercial surveillance tools.

  • Log4Shell

    NHS warns of hackers exploiting Log4Shell in VMware Horizon

    UK's National Health Service (NHS) has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits.

  • QNAP

    QNAP warns of ransomware targeting Internet-exposed NAS devices

    QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks.

  • CompTIA

    Train for a career in cybersecurity with this $20 CompTIA course bundle

    The 2022 Premium CompTIA CyberSecurity and Security+ Exam Prep Bundle can help get you started with its 6 jampacked courses focused on cybersecurity and CompTIA certification prep. The courses are $200 individually, but you can get the bundle today for only $20.

    • BleepingComputer Deals
    • January 07, 2022
    • 07:15 AM
  • No comments:

    Boundary Lines for Linguistics are Very Clear

    World GeoDemo o S r p s d e n t o a 0 g 3 8 i 0 f 1 8 5 9 5 3 0 c 0 l c m 6 5 9 h 6 g m 3 g 1 7 0 i 8 5 f 1 h l 9 0 t u h 9 c t t m 7    ·  ...