Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Cloud Company Blackbaud Pays Ransomware Operators to Avoid Data Leak

Cloud software provider Blackbaud has admitted that it paid cybercriminals to regain control of data following a ransomware attack in May 2020.

The company, which is known for its fundraising suites aimed at educational institutions and charities, offers a diverse portfolio of management and payment services to help process donations and fundraises.

Cloud software provider Blackbaud has admitted that it paid cybercriminals to regain control of data following a ransomware attack in May 2020.

The company, which is known for its fundraising suites aimed at educational institutions and charities, offers a diverse portfolio of management and payment services to help process donations and fundraises.

Last week, the company published a notice on a ransomware attack that it fell victim to in May 2020, claiming that it was able to discover and stop the assault, but not before some data was exfiltrated by the attackers.

“Our Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system. Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment,” the company said.

According to Blackbaud, the attackers did not access credit card data, bank account information or the social security numbers of its customers.

Even so, the company decided to pay the cybercriminals for deleting the data that was exfiltrated during the incident, “with confirmation that the copy they removed had been destroyed.”

“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” the company said.

The company’s public cloud environment, which lies in Microsoft Azure and Amazon Web Services, and most of the company’s self-hosted environment weren’t affected in the security incident.

Advertisement. Scroll to continue reading.

Blackbaud also mentioned that it has notified the customers who were affected by the attack, but did not provide specific information on how the attackers were able to compromise its systems in the first place.

Related: Cognizant Says Data Was Stolen in April Ransomware Attack

Related: U.S. Semiconductor Maker MaxLinear Discloses Ransomware Attack

Related: Netherlands University Pays $240,000 After Targeted Ransomware Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...