How did a ransomware attack cause 8,000 school and college websites to go down?
Discover the Finalsite ransomware attack details and what could have prevented it.
Is the education sector becoming an increasing target of cyber attacks?
In 2020, the K-12 Cybersecurity Resource Center reported that K-12 schools and districts in the United States saw an 18% increase in cyber attacks over the previous year.
And the upward trend seems set to continue, as 2022 kicked off with 8,000 school and college websites going down due to a ransomware attack that targeted their web server provider, Finalsite.
The Finalsite ransomware attack was one of the first major education cyber attacks of 2022, so let’s look at what caused it and see how it could have been prevented.
What happened during the Finalsite ransomware attack?
On January 4th, 2022, a ransomware attack targeted the private web hosting and communication services company Finalsite.
Ransomware is a type of malware that holds computers hostage while demanding payment from the target to return the affected system to normal.
Finalsite provides its services to around 8,000 educational institutions such as schools and colleges.
The ransomware attack left Finalsite with no choice but to take down their web servers which hosted their customers’ websites.
Taking down the web servers led to approximately 5,000 school and college websites going dark.
What happened after the Finalsite ransomware attack?
Finalsite hired private attorneys and Digital Forensic Investigators to investigate the ransomware attack.
After a six-day investigation, no evidence was found that the attackers accessed or stole any school data.
Finalsite explained that they do not host sensitive customer information such as payment details or academic records.
However, as with all cyber attacks, the damage to the brand and to customer trust had already been done.
What would be the role of a cyber security professional in this incident?
Before the ransomware attack
A cyber security professional such as a Penetration Tester can help decrease the chance of a ransomware attack successfully breaching a network.
A Penetration Tester:
- Carries out authorised tests on computer and network security systems and ethically hacks into networks
- Identifies weaknesses and vulnerabilities that cyber criminals could exploit
- Analyses security policies
- Writes an informative report to share security flaws with the wider cyber security team so issues can be resolved
After the ransomware attack
As stated earlier, Digital Forensic Investigators were employed to investigate the Finalsite ransomware attack.
A Digital Forensic Investigator analyses the digital data from a suspected crime scene, like a cyber attack, in the hopes of answering questions such as:
- How did the cyber attack occur?
- What was the extent of the cyber attack?
- Was any data accessed or stolen?
Keep reading to see the CyberStart challenges that could help you learn skills required for these cyber security roles.
How to learn these skills with CyberStart
Check out the CyberStart challenges below to see how you can practise penetration testing and digital forensics. Plus, there are plenty more challenges like this in-game.
Practise digital forensics
Intern L02 C01 - 610enC0de’d Password
The brief in this free CyberStart challenge asks you to access the server of a cyber criminal gang called the Yakoottees.
It looks like the Yakoottees have encoded the password to access their server. Brush up on your encoding knowledge and see if you can decode the password.
Top tip: If you don’t know what type of encoding was used to hide the password, use a search engine to find out.
Why is this CyberStart challenge relevant for a Digital Forensic Investigator?
Cyber criminals won’t always make it easy to find the evidence you need during an investigation.
Identifying and decoding cryptic information is a necessary forensics skill that will unlock a whole new world of secret messages and hidden data during investigations.
Practise penetration testing
HQ L09 C07 - Grand Old Ruble
Already practised solving challenges in Intern base and spent some time advancing your skills?
Then you might be ready to try HQ base’s ‘Grand Old Ruble’ - a more complex challenge to test your real-world abilities.
The brief says that the Spetzners gang have identified a vulnerability on the Grand Ruble Bank website, which allows them to perform actions only an admin should be able to.
It’s your task to determine the vulnerability and see if you can also gain access to perform admin actions.
Top tip: Research how to perform a Cross-Site Request Forgery (CSRF) attack.
Why is this CyberStart challenge relevant for a Penetration Tester?
This challenge allows you to carry out an authorised hack on the bank’s online system to find a security issue, just like a Penetration Tester.
You may not know how to solve ‘Grand Old Ruble’ straight away. But you’ll build the skills required to solve this challenge by playing CyberStart.
You can play this challenge and 200+ more when you upgrade your CyberStart licence.
Ready to save the world from cyber attacks?
Register to trial CyberStart for free.