Cloud biz Blackbaud caved to ransomware gang's demands – then neglected to inform customers for two months
Blackbaud, a cloud software provider specializing in fundraising suites for charities and educational institutions, quietly paid off a ransomware attacker - and then got around to telling customers about it a full two months later.
"After discovering the attack, our Cyber Security team - together with independent forensics experts and law enforcement - successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system," said Blackbaud.
"Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment," Blackbaud said.
"The cybercriminal did not access credit card information, bank account information, or social security numbers. Because protecting our customers' data is our top priority, we paid the cybercriminal's demand with confirmation that the copy they removed had been destroyed."
Some customers went on to contact The Register to express concern that they were only being informed about the theft of their data two months after the thief had been paid off.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/07/17/blackbaud_paid_ransomware/