A ransomware attack on software provider Finalsite has affected the websites of about 5,000 schools, most of them in the US, a Finalsite spokesperson told CNN Friday.
About 8,000 schools — including boarding schools, high schools and colleges —worldwide use Connecticut-based Finalsite’s software for their websites and public communications, according to Finalsite.
The websites of a “majority of our schools are back online this morning,” Finalsite spokesperson Morgan Delack said in an email. “At this time, we do not have any evidence to show data has been compromised.”
The technology firm says it discovered the ransomware on some of its computer systems on Tuesday. “(We) made the decision to shut down our network when we saw the problem and rebuilt everything in a clean environment,” Delack said. “We have all of our client’s data.”
About 4,500 of the affected schools are in the US, Delack said.
The Aquinas Institute of Theology, a Catholic graduate school in St. Louis, said the incident interrupted communications with applicants to the school.
“(Our) web presence was definitely interrupted by what happened with FinalSite,” Jessica Adams, coordinator of graduate enrollment at the Aquinas Institute of Theology, told CNN in an email. “Poor timing for us as we are right in the middle of a final push for applicants to our programs and it’s hard to talk to folks about programs when the website with the information isn’t working.”
In addition to communication platforms like Finalsite, ransomware attacks have interrupted remotely learning for a number of schools in the US during the coronavirus pandemic. That includes an incident that forced Baltimore County Public Schools to temporarily close in November 2020.
In each of the last three years, ransomware has disrupted more than a thousand K-12 schools in the US, according to cybersecurity firm Emsisoft.
“Unfortunately, there is no reason to believe that 2022 will be significantly different from previous years in terms of the number of incidents,” Brett Callow, a threat analyst at Emsisoft, told CNN.
The Government Accountability Office, a federal auditor, has called on the Department of Education to do more to protect schools from hacking threats.
A GAO report published in November found that the department “lacks an up-to-date plan based on a current assessment of the cybersecurity risks facing” the education sector.