8,000 schools worldwide become victims of ransomware after IT provider suffered massive cyber attack

School website provider FinalSite was the target of a ransomware attack that severely disrupted access to thousands of academic platforms around the world. This firm operates as software as a service (SaaS), offering web hosting, management services and other tools, working for more than 8,000 academic institutions in 115 countries.

This week, some school districts with websites hosted on FinalSite began reporting various issues. On Tuesday afternoon the company issued its first statement about it, mentioning that they were only temporary errors in some services and without confirming the attack.

Finally, three days after the first reports, the company confirmed that the failures were caused by a ransomware attack: “We are very sorry for this prolonged outage; while we have progressed to get all websites up and running again, the full restoration has taken us longer than anticipated,” says FinalSite.

The company also mentions that some security measures have been implemented to prevent systems from being affected again by a subsequent incident: “We initiated an investigation into the event with the help of external cybersecurity specialists, in addition to isolating some of the affected systems.”

A Representative of FinalSite was questioned about the attack and, although he did not reveal what the ransomware variant was so as not to hinder the ongoing investigations, he assures that there is no evidence that this incident involves the misuse of confidential information. The facts seem to confirm the words of the representative, since so far no traces of FinalSite information published on any dark web platform have been detected.

Academic institutions have become a favorite target for threat actors, primarily ransomware groups. This situation worsens when hackers attack schools and public institutions, since governments do not usually make deals with hackers and sometimes do not even have the economic and infrastructure resources to counter a situation like this.

That is why the best protection against ransomware operators remains prevention, as it prevents organizations from having to go all the way to recover their systems infected with encryption malware.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.