Ransomware Attack Takes Thousands Of U.S. School Websites Offline

By Lee Mathews, Contributor

Fresh off their Christmas break, thousands of schools in the U.S. found themselves facing an unpleasant surprise last week. Their websites had inexplicably gone offline.

Image: getty

How do thousands of school websites go down all at once? When their cloud service provider experiences an unplanned outage.

In this case the provider is Finalsite, which provides schools with hosted tools to manage their online presence and communications. The cause of the unplanned outage was a ransomware attack.

Finalsite announced the attack on January 6th, two days after posting that “increased error rates and performance issues” were affecting its services.

Just a day earlier Finalsite stated that its engineers were working with third-party experts to determine the source of the disruption. While the investigation remains ongoing, so far the company has found “no evidence that our data or client data has been taken.”

It could be quite some time before the full extent of the attack is understood, but that’s encouraging news. Another positive is that Finalsite never lost access to its customers’ data.

Before noon this morning Finalsite posted that all customer websites had been restored. Messaging and notification systems — vital tools communicating with parents — were once again fully operational, too.

The timing of the disruption is truly unfortunate. Thousands of schools around the U.S. relying on Finalsite to communicate with parents. With the omicron variant surging around the country and severe weather hitting multiple regions, a tool that those schools depend on for messaging suddenly went silent.

Criminal hackers know what they’re doing. Hitting a service provider that counts 2,200 districts in the United States among its customers just after the Christmas break was no coincidence.

Dozens of school districts have been directly impacted by ransomware in the past two years to the tune of billions of dollars. Those attacks won’t slow down in 2022, and cloud providers who service educational institutions will continue to be targeted, too.

The GAO has called on the Department of Education to do more to assist schools with cybersecurity shortcomings, but it’s a steep hill to climb — particularly when numerous third-party providers will also need to get on board.


What is inkl?

Important stories

See news based on value, not advertising potential. Get the latest news from around the world.

Trusted newsrooms

We bring you reliable news from the world’s most experienced journalists in the most trusted newsrooms.

Ad-free reading

Read without interruptions, distractions or intrusions of privacy.