The websites of about 5,000 institutions, including high schools and colleges, were down last week in the wake of a ransomware attack on Finalsite, which makes software for websites.
Cybercriminals have increasingly targeted higher education institutions and have hit at least three community colleges with ransomware since the end of November. The attack on Finalsite demonstrates the value attackers find in going after service and solution providers as well. By disrupting a service provider like Finalsite, the scale of the attack becomes more devastating, since thousands of victims are forced to grapple with disruptions at once.
Finalsite officials said they first detected ransomware on their systems last Tuesday and immediately launched an investigation with the help of third-party forensic specialists. They said, 99.9 percent of disrupted websites were back in service by Sunday,
Brett Callow, a threat analyst with Emsisoft, said that cybercriminals view service and solution providers as attractive targets.
“An attack on a university affects only that university, while an attack on a service or solution provider can affect multiple universities—and that may increase their chance of getting a payout,” Callow said via email. “Incidents such as this are far from uncommon and show no signs of slowing. It’s almost inevitable that we’ll see more highly disruptive attacks on service and solution providers as the year progresses.”