Thousands of schools’ email systems are still being disrupted by a ransomware attack on FinalSite

FinalSite, an education technology business, is still recovering from a severe ransomware attack this week that disabled many of the services it provides to thousands of schools around the world.

The company claimed in a Friday morning update that the “great majority” of its sites are back up and running on the front end, but that many services are still experiencing problems.

They advised their customers, who include thousands of schools in 115 countries, to limit “software usage to crucial information updates for your front-end” until all functionality is certified to be fully functional.

Sending email/notifications, workflows, relying on calendar and athletic alerts, uploading data, and so on are all examples of usage to eliminate, according to the business.

While certain front-end systems have returned, FinalSite warned that some styling may be missing, and users may be unable to access their site’s admin area. According to FinalSite, many users will continue to receive 503 errors.

Customers were originally notified of concerns on January 4, and engineers have been working around the clock to remedy the problem, according to the business. By Thursday, the company had admitted that it had been hit by ransomware.

“We apologise for the extended outage and understand the burden it is bringing your organisations. While we made progress overnight in getting all websites back up and running, the entire restoration took longer than expected “Customers received a note from them.

“Our security, infrastructure, and technical teams have been working around the clock since the event to restore backup systems and bring our network back to full functionality in a safe and secure manner. Third-party forensic professionals are supporting us in slowly and carefully restoring items so that the atmosphere remains secure and stable.”

One Reddit user reported over 2,200 school websites hosted by Finalsite began to fall offline on January 4.

“Many districts are reporting that they are unable to use their emergency notification system to advise their residents of closures due to weather or COVID-19 protocol,” the user stated. “The consequence of this outage considerably outweighs the attention it has gotten.”

A FinalSite spokeswoman later informed TechCrunch that the ransomware attack affected about 5,000 of their 8,000 clients. Local news outlets around the United States reported that school districts’ websites were down.

Another school official contacted Bleeping Computer to report that their website was down, prompting them to notify parents. There is no timescale for services to return to normal, they were told.

Some schools used Twitter to alert students and parents about website disruptions, stating that the ransomware attack on FinalSite had caused their websites to go down.

Former FBI analyst Crane Hassold compared the attack to the Kaseya ransomware event, saying it demonstrated the “domino effect” that ransomware may have on other businesses.

“When a company that supplies solutions for other companies is struck with ransomware, like Kaseya did last summer, the impact may be immensely devastating,” said Hassold, who is now the director of threat intelligence at Abnormal Security.

“This attack couldn’t have occurred at a worse time in the current context, when COVID is increasing again and many schools are converting to temporary remote learning.”