Ransomware attack hits 5,000 school websites


According to Finalsite, approximately 8,000 schools – including boarding schools, high schools, and colleges – around the world use Connecticut-based Finalsite software for their websites and public communications.

The websites of a “majority of our schools are back online this morning,” Finalsite spokesperson Morgan Delack said in an email. “At this time, we have no evidence to show that the data has been compromised.”

The tech company said it discovered the ransomware on some of its computer systems on Tuesday. “(We) made the decision to shut down our network when we saw the problem and rebuilt everything in a clean environment,” said Delack. “We have all the data of our customers.”

About 4,500 of the affected schools are in the United States, Delack said.

The Aquin Theological Institute, a Catholic graduate school in St. Louis, said the incident cut off communications with candidates at the school.

“(Our) web presence was definitely cut short by what happened with FinalSite,” Jessica Adams, graduate enrollment coordinator at Aquinas Institute of Theology, told CNN. “Bad timing for us as we are in the middle of a final push for applicants to our programs and it is difficult to talk to people about the programs when the website with the information is down.”

In addition to communication platforms like Finalsite, ransomware attacks disrupted distance learning for a number of schools in the United States during the coronavirus pandemic. This includes an incident that forced Baltimore County public schools to temporarily close in November 2020.

In each of the past three years, ransomware has disrupted more than a thousand K-12 schools in the United States, according to cybersecurity firm Emsisoft.

“Unfortunately, there is no reason to believe that 2022 will be much different from previous years in terms of the number of incidents,” Brett Callow, threat analyst at Emsisoft told CNN.

The Government Accountability Office, a federal auditor, called on the Department of Education to do more to protect schools from hacking threats.

A GAO report released in November revealed that the department “lacks an updated plan based on a current assessment of cybersecurity risks facing” the education sector.


Comments are closed.