Ransomware attack cripples St. Louis archdiocesan websites

CNA Staff, Nov 25, 2020 / 14:00 pm

A ransomware attack crippled the websites of the Archdiocese of St. Louis last week, but data has not been compromised by the attack, the archdiocese told CNA. Several archdiocesan affiliated sites have been taken offline in response to the attack.

"On November 16th, our website hosting company experienced a coordinated ransomware campaign. To ensure integrity of our data, the limited number of impacted sites–including ours–have been taken offline," the Archdiocese of St. Louis informed Catholics last week.

"Upon further investigation and out of an abundance of caution, our hosting company took down their entire system to ensure that we were not compromised. Our hosting security team are working diligently to eliminate the threat and restore our website to full capacity."

Seven archdiocesan urls are impacted, among them archstl.org, stlreview.org, and pages for archdiocesan cemeteries and fundraising. A spokesperson for the archdiocese told CNA Tuesday "we do not have information regarding an expected timeline for the restoration of our website."

"We have been told that none of the Archdiocese of St. Louis' information has been compromised, and the hosting company has taken down our sites to protect us," the spokesperson added.

Ransomware is a kind of hacking measure by which websites are taken over unless a ransom is made. In some cases, hackers threaten to release confidential data gained from the attack unless the ransom is paid.

Maria Lemakis, archdiocesan multimedia manager, told CNA that because the attack happened with the company that hosts websites, a decision about whether to pay the ransom is not up to the archdiocese.

"Whether or not the ransom will be paid is at the discretion of the hosting vendor," Lemakis explained.

 "It is our understanding that the vendor is working with federal authorities on the issue," she added.