Ransomware attack disrupts PAUSD websites

PAUSD’s website has been malfunctioning since Tuesday when Finalsite, PAUSD’s website service provider, discovered the presence of malware in its systems and shut off its services.

According to a status update, Finalsite employees detected malware — software used by hackers to steal or lock information — in its program during a routine forensic investigation and began to intentionally move its systems offline.

“In the ensuing time since the incident, our security, infrastructure and engineering teams have been working around the clock to restore backup systems and bring our network back to full performance, in a safe and secure manner,” the update read. “Third-party forensic specialists are assisting us in bringing things back slowly and carefully to ensure the environment is safe and stable.”

In a separate status update, Finalsite stated they hope to have the issue resolved by Monday morning but cannot confirm when all services will become fully operational again.

“Websites are beginning to go back online; however, full restoration has taken us longer than anticipated,” Client Chief Officer Tim McDonough said. “We can confidently say we have things in working order but it is a slower process than we’d all like to see.”

Finalsite CEO Jon Moser said their services went down because of precautionary measures, not because the ransomware attacked their data.

“We were monitoring your computer environments, and we shut them down when we noticed the problem,” Moser said to Finalsite’s customers in a webinar. “It wasn’t done by the malware; we shut it down intentionally and chose to rebuild your environment and your data in a safe environment. This was a business decision to protect our customers.”

PAUSD’s Chief Technology Officer Derek Moore said the district responded to the disruption by quickly redirecting the PAUSD website to its own web server, off of Finalsite’s.

“As soon as this incident happened on Tuesday, we started thinking about (recreating our own website),” Moore said. “We have a great webmaster who was able to throw up the temporary couple of pages on our server and make them look nice.”

Because of the way the PAUSD website system is designed, the ransomware and subsequent shutdown had little effect on PAUSD, Moore said.

“From our perspective, even if (data was leaked), it’s not that big of a deal because the reality is, we only use Finalsite for our public website,” Moore said. “Services like Schoology and Infinite Campus are different platforms and totally separate.”

Librarian Sima Thomas said the disruption of the Finalsite service only led to minor inconveniences for teachers and students.

“I was trying to help students with checking (the schedule), but it was hard to find with some of the website functions down,” Thomas said. “But then I realized the calendar had been shared with teachers by the admin on a Google Doc, so that was how I figured things out.”

Moore praised Finalsite for their rapid response.

“We’ve been very impressed with their response, and they’ve handled it professionally,” Moore said. “They have the right people from forensic experts to the security people involved in the situation. None of our data was compromised, and they caught it very early and proactively shut things down, so we plan on continuing to use Finalsite.”