Cybersecurity

Thousands of school websites went down after ransomware strikes vendor

Finalsite, a major web host of K-12 schools, said it has restored a "vast majority" of its customers' front-facing websites as it continues to investigate the incident.

By Benjamin Freed

January 7, 2022

Several school districts around the U.S. have been hit with ransomware as a difficult school year begins. (Getty Images / Scoop News Group)

Thousands of schools in the United States and around the world have had their websites and some other functions knocked offline as a result of a ransomware attack targeting a major web host for K-12 institutions just as students prepared to return from the winter holidays.

The company, Finalsite, said Thursday it “identified the presence of ransomware on certain systems in our environment,” which led to its clients, spanning 110 countries, losing access to their websites and other online services.

The outages began on Tuesday, when Finalsite’s customers, like the school district in Oakwood, Ohio, began notifying students and parents that their websites were down.

The Oakwood Schools district website is currently down. The FinalSite team is working on the issue. In the meantime, f you need to report a student or staff member who has tested positive for COVID-19 please go to https://t.co/GUfEyOaDyq pic.twitter.com/5GDV9T27pj

— Oakwood Schools (@Oakwood_Schools) January 5, 2022

Many other public and private schools that depend on Finalsite for their web hosting posted similar messages, though the company did not disclose that the cause was ransomware until Thursday evening.

“We immediately took steps to secure our systems and to contain the activity. We quickly launched an investigation into the event with the assistance of third-party forensic specialists, and began proactively taking certain systems offline,” reads an update on the Glastonbury, Connecticut, company’s website.

Finalsite also said it believes that none of the company’s nor its clients’ data was stolen by malicious actors.

“We have full access to our files and data,” another update read. “The forensic investigation is ongoing and at this time, we have no evidence that our data or client data has been taken. If we determine otherwise through the course of the investigation, we’ll act swiftly to notify you and will take all appropriate actions.”

The company also said last night that it has been able to restore a majority of the thousands of public-facing websites that were knocked out earlier this week. But some Finalsite clients still have not regained access to all their applications. Holy Ghost Preparatory School, a private high school in Bensalem, Pennsylvania, said Friday that while its website is back, its email system is still down, TechCrunch reported.

Ransomware remains a nagging problem for the K-12 sector, with at least 102 publicly disclosed incidents targeting schools last year, according to Recorded Future. But vendors are also susceptible: According to a March 2021 report from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange, at least three-fourths of all data breaches at schools were related to vendor compromises.

President Joe Biden last October signed legislation ordering the Department of Homeland Security to study the cyber risks and vulnerabilities against K-12 schools.