Blackbaud claims it paid a ransom to protect customer data.
A leading non-profit fundraising and financial technology supplier Blackbaud managed to stop file encryption after becoming a ransomware attack target. However, the company still paid the ransom.
The incident occurred in May 2020, and Blackbaud chose to pay ransom to ensure that the attackers deleted all their stolen data.
The company claims that attackers stole customer-related details from its network and threatened to publish the information online if they didn’t receive the ransom amount. For your information, Blackbaud is a well-known provider of cloud hosting solutions in the non-profit sector and is based in the United States.
Reportedly, hackers breached the security of Blackbaud’s network and installed malware to lock its servers. When the company’s Cyber Security team discovered the attack, they collaborated with independent forensic experts and law enforcement authorities to prevent the attackers from blocking access to the company’s systems and encrypting all the files.
Ultimately, the attack was thwarted. However, by the time the company responded, the unidentifiable hackers already had stolen a data subset from its “self-hosted” environment where customers stored their files. The data stored on Azure Cloud or Amazon Web Services (AWS) wasn’t affected.
Hence, the attackers threatened Blackbaud to pay the ransom despite that the attack was unsuccessful. Blackbaud then paid the ransom to protect the customers’ data, which the company claims, is its “top priority.”
It further revealed that they were able to thwart the “sophisticated” attach due to the robust security measures it had implemented and advanced planning.
“We paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed,” the company said in a statement.
Blackbaud also apologized to customers about the hacking incident and promised to investigate it comprehensively. New security measures will also be adopted to prevent similar incidents in the future, according to the statement.
Those affected by the breach in any way have been informed about the incident and essential guidelines.