Glastonbury firm hit by ransomware attack
Company hosts thousands of school websites, but no reports of compromised student data, AG says
A Glastonbury-based company that hosts thousands of school websites in Connecticut and across the nation continued to recover Monday from a ransomware attack launched last week.
“We still have no evidence that any data has been viewed, compromised or extracted,” Finalsite spokeswoman Morgan Delack said.
Finalsite has identified the cyber attacker and how they entered the system, but Delack would not identify the attacker or say whether the company paid ransom to restore the breached systems.
Attorney General William Tong said his office was monitoring the attack closely.
“Right now,” Tong said, “there are no reports that student data or personal information has been compromised, which would trigger notification requirements to our office.”
Ransomware uses encryption to disable computer systems. Cybercriminals demand payment in exchange for restoration, often threatening to sell or leak information if the ransom is not paid.
On Jan. 4, Farmington schools and other districts with websites hosted by Finalsite discovered their sites were not accessible or displayed errors. The company’s initial message said staff was “investigating an issue leading to increased error rates and performance issues...” A Jan. 6 update said staff had identified ransomware “on certain systems in our environment” on Jan. 4.
An update Monday said the attack was not directed at any specific schools, but at certain areas in the Finalsite systems as a whole. Client data stored in company databases is limited to demographics, including names and email addresses for some clients, and there is no evidence that such data was compromised, the company said. Finalsite does not store data such as credit card information, academic records, information related to students’ health or Social Security numbers, Delack said.
“The integrity, safety, and security of our network and the information held in our care are our top priorities,” the company said. “We are taking steps to secure the environment and ensure this type of incident does not occur again.”
Ransomware has become an urgent national security problem. Many of the criminal hackers are based in Russia. In a June summit, President Joe Biden pushed Russian leader Vladimir Putin to clamp down on the surge of cybersecurity and ransomware attacks that have targeted businesses and government agencies in the U.S. and around the globe.
Tong said no business or government entity is immune from a ransomware attack. He outlined necessary measures to protect personal information and critical infrastructure, including following the president’s executive order on “Improving the Nation’s Cybersecurity,” which outlines best practices that include multifactor authentication (because passwords alone are routinely compromised); endpoint detection and response (to hunt for malicious activity on a network and block it); encryption (so if data is stolen, it is unusable); and a skilled security team.
Tong also announced a new online form designed to help businesses comply with their obligation to notify his office when they experience a data breach impacting Connecticut residents.