Ransomware Source in Finalsite Attack Identified as School Websites Functioning Again

  • By Kristal Kuykendall
  • 01/11/22

School website provider Finalsite said Monday that its cyber-investigation of last week's ransomware attack has identified the threat actor and that the 3,000 school websites offline for most of last week are now back online and functioning.

Thousands of K–12 schools and universities whose websites are hosted by Finalsite were affected by the outage starting on Tuesday, Jan. 4, though the reason for the outage was not disclosed until Thursday afternoon. As of noon Monday, all the websites were back online and most functions working, the company said, with a few remaining functions such as the file manager and integrations still being restored.

Finalsite Director of Communications Morgan Delack said Monday that company officials “were not able to quickly share the details of the why” in an effort to protect the investigation, and she added that while clients were notified of the outage later that day, “we should have sent communication to all our clients the moment the websites went down universally.”

“We should have done better” in that regard, Delack said. “We have been listening to the needs of our clients and (doing everything possible to) help make it as easy to recover from this as possible.”

With help from cybersecurity forensic investigators from Charles River Associates, Finalsite “has determined who the threat actor is, we have contained their activity, and we know how they gained access and when they gained access,” Delack said today. The investigation includes assistance from data privacy attorneys at Mullen Coughlin LLC, she said.

“We have found absolutely no evidence that client data has been compromised or extracted,” Delack added. “The remainder of the investigation is to confirm these findings and ensure compliance” with cybersecurity laws and best practices.

Delack said Friday that the company had full access to its files and data throughout the incident and a forensic investigation was under way. “We have no evidence that our data or client data has been taken.” Finalsite also noted that its database information on client schools is limited to names and email addresses and said the company does not store payment information, academic records, Social Security numbers or other personal information.

“It's important to note that the malware is not what took our sites offline,” Delack emphasized again on Monday. “We did so proactively — and immediately — upon learning of the issue in order to protect our data. The reconnection of our websites is taking so long because we had to rebuild everything in a clean, safe environment again. At this time, we have no evidence that data was compromised, and we credit that to our early actions.”

Delack initially estimated that about 5,000 of its almost 8,000 global customers had been affected by the incident; on Monday, that total was revised down to 3,000 school websites impacted.

Finalsite, with offices in Connecticut and the U.K., provides website, marketing, and communications platforms for schools and universities in 108 countries. It is a portfolio company of Veritas Capital.

Read more about the timeline of the outage and the company’s reaction in our initial report on the ransomware attack.

In a webinar for clients held late Thursday, Finalsite officers emphasized that they take security “extremely seriously and are frequently updating protocols” based upon any best practices and new information.

“The Finalsite security team has strict security measures in place to protect the information in our care, and have worked to add further technical safeguards to our environment,” the transcript reads. “We’ve invested $2.5 million into hosting security and our team monitors our network systems 24 hours a day, seven days a week. As we learn more about this incident, we are taking additional steps to further secure the environment and prevent this type of attack from occurring again.”

Cybersecurity and education officials have recently warned of a significant increase in cyberattacks on schools and universities, and the K–12 Cybersecurity Act of 2021, signed into law in October, directs the Cybersecurity and Infrastructure Security Agency to identify risks and provide resources for schools to better protect their IT security.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • Complete College America Launches Center to Boost Data-Driven Student Success Strategies

    National nonprofit Complete College America (CCA) recently launched the Center for Leadership, Institutional Metrics, and Best Practices (CLIMB), with the goal of helping higher education institutions use data-driven strategies to improve student outcomes.

  • teacher

    6 Policy Recommendations for Incorporating AI in the Classroom

    The Southern Regional Education Board's Commission on AI in Education has published six recommendations for states on adopting artificial intelligence in schools, colleges, and universities. The guidance marks the commission's first release since it was established last February, with more recommendations planned in the coming year.

  • computer screen displaying a landline phone being unplugged from a single cord, with a modern office desk, keyboard, and subtle lighting in the background

    Microsoft to Discontinue Skype Services

    Microsoft has announced that it is shutting down service for its Skype telecommunications and video calling services on May 5, 2025.

  • Two figures, one male and one female, stand beside a transparent digital interface displaying AI symbols like neural networks, code, and a shield, against a clean blue gradient background.

    Report Makes Business Case for Responsible AI

    A new report commissioned by Microsoft and published last month by research firm IDC notes that 91% of organizations use AI tech and expect more than a 24% improvement in customer experience, business resilience, sustainability, and operational efficiency due to AI in 2024.