A school IT supplier hit by ransomware last week has claimed that all of its customers’ websites have now been restored, although many will still be suffering some kind of disruption.
Finalsite claims to serve over 8000 schools worldwide, offering content management, communications, mobile and enrolment software.
After discovering ransomware on some systems on January 4, it was claimed that thousands of schools were affected – not only by the downing of websites but also critical messaging services designed to notify communities about weather-related closures or changing COVID-19 protocols.
In an update on Sunday, the firm claimed that it had restored front-end access to 99.9% of customer websites and that all sites now had admin access.
However, there were several caveats.
“We are still working to restore some assets from File Manager and Media Manager, which may affect the display of pages that rely on items like photos or videos loaded from these locations,” Finalsite noted.
“We have identified a segment of data integrations that require the restoration of mapping files, which we will restore and provide an update upon completion.”
It also explained that its legacy bulk email notification tool, eNotify, was still experiencing problems, although its replacement, the Messages module, is back up and running.
There’s still no word from the company as to whether it was forced to engage with its extorters to accelerate the process of restoration and recovery or if any sensitive data may have been taken. The majority of ransomware attacks now feature a data exfiltration and “double extortion” element, according to experts.
The nature of the provider hit by this attack could hint at a growing trend for ransomware in 2022, as threat actors target upstream supply chain firms more frequently to cause maximum damage and increase their chances of a big pay-out