Ransomware Attack on Software Provider Finalsite Shuts Down Thousands of School Websites

Thousands of K–12 schools and universities found their websites inaccessible last week after website software provider Finalsite was hit by a ransomware attack. The company was still working to restore full functionality Friday afternoon.

The company said in a statement on its website that it had full access to its files and data throughout the incident and a forensic investigation was under way. "We have no evidence that our data or client data has been taken." Finalsite also noted that its database information on client schools is limited to names and email addresses and the company does not store payment information, academic records, Social Security numbers or other personal information.

"It's important to note that the malware is not what took our sites offline," said Finalsite Director of Communications Morgan Delack. "We did so proactively — and immediately — upon learning of the issue in order to protect our data. The reconnection of our websites is taking so long because we had to rebuild everything in a clean, safe environment again. At this time, we have no evidence that data was compromised, and we credit that to our early actions."

Delack said about 5,000 of its almost 8,000 global customers had been affected by the incident.

Finalsite, with offices in Connecticut and the U.K., provides website, marketing, and communications platforms for schools and universities in 108 countries. It is a portfolio company of Veritas Capital.

Late Thursday, Finalsite held a webinar for clients affected by the outage, where company leaders spoke about what happened and why the cause of the outage hadn't been shared until the outage was in its third day, according to a transcript of the webinar.

Initially, on Tuesday, Finalsite posted on its status page for its customers that it was "investigating an issue leading to increased error rates and performance issues," and it posted updates about the "continued outage" several times a day without mentioning the cause of the outage, until just after noon on Thursday.

At 12:04 p.m. on Thursday, Finalsite acknowledged that ransomware was the cause and said in a new status update that the ransomware had been detected on Tuesday.

"We are incredibly sorry for this prolonged outage and fully realize the stress it is causing your organizations. While we have made progress overnight to get all websites up and running, full restoration has taken us longer than anticipated," the status update said. "The Finalsite security team monitors our network systems 24 hours a day, seven days a week. On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment. We immediately took steps to secure our systems and to contain the activity. We quickly launched an investigation into the event with the assistance of third-party forensic specialists, and began proactively taking certain systems offline.

"In the ensuing time since the incident, our security, infrastructure, and engineering teams have been working around the clock to restore backup systems and bring our network back to full performance, in a safe and secure manner. Third-party forensic specialists are assisting us in bringing things back slowly and carefully to ensure the environment is safe and stable."

Late Friday afternoon, the company said, "We're continuing to work to restore admin access as quickly as possible, and many more sites can now log in. We are continuing to restore styling, calendar events, and constituents for directories and will update you on our progress along the way."

Speakers on the webinar held Thursday afternoon included CEO and Founder Jon Moser and the chief officers of revenue, marketing, product, and communications.

"Many of you have said, why haven't you been more upfront with us about what is happening until now? As you've read in our letter, because of the nature of the incident, we have had to hold back some information until now and are grateful for your understanding of these difficult circumstances," the officers said, according to the webinar transcript. "After isolating and shifting away from the affected infrastructure components, we needed to rebuild aspects of our network. It's taking us longer to tune this rebuilt infrastructure than we originally anticipated."

The company leaders emphasized that they take security "extremely seriously and are frequently updating protocols" based upon any best practices and new information.

"The Finalsite security team has strict security measures in place to protect the information in our care, and have worked to add further technical safeguards to our environment," the transcript reads. "We've invested $2.5 million into hosting security and our team monitors our network systems 24 hours a day, seven days a week. As we learn more about this incident, we are taking additional steps to further secure the environment and prevent this type of attack from occurring again."

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • close-up illustration of a hand signing a legislative document

    California Passes AI Safety Legislation, Awaits Governor's Signature

    California lawmakers have overwhelmingly approved a bill that would impose new restrictions on AI technologies, potentially setting a national precedent for regulating the rapidly evolving field. The legislation, known as S.B. 1047, now heads to Governor Gavin Newsom's desk. He has until the end of September to decide whether to sign it into law.

  • illustration of a VPN network with interconnected nodes and lines forming a minimalist network structure

    Report: Increasing Number of Vulnerabilities in OpenVPN

    OpenVPN, a popular open source virtual private network (VPN) system integrated into millions of routers, firmware, PCs, mobile devices and other smart devices, is leaving users open to a growing list of threats, according to a new report from Microsoft.

  • interconnected cubes and circles arranged in a grid-like structure

    Hugging Face Gradio 5 Offers AI-Powered App Creation and Enhanced Security

    Hugging Face has released version 5 of its Gradio open source platform for building machine learning (ML) applications. The update introduces a suite of features focused on expanding access to AI, including a novel AI-powered app creation tool, enhanced web development capabilities, and bolstered security measures.