Cloud Services Firm Stops Ransomware Attack, But Pays Anyway

Blackbaud, a major supplier of financial and fundraising technology to the non-profit sector, said it stopped a ransomware attack from encrypting files, but paid the attackers to delete stolen customer data.

“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed,” Blackbaud said in a customer advisory.

The company said it discovered and stopped the ransomware attack in May of this year, but discovered the attackers had removed “a subset” of customers’ data.

The data affected was from Blackbaud’s self-hosted environment, and didn’t affect data it hosts on Amazon Web Services or Azure cloud services, the company said.

‘Sophisticated’ attack

“The subset of customers who were part of this incident have been notified and supplied with additional information and resources,” Blackbaud said.

“We apologise that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cybercrime incident.”

Blackbaud said its strong cybersecurity practice and advance planning had enabled it to shut down the “sophisticated” attack, adding that it has implemented changes to prevent the issue from happening again.

The company said it believed the attackers’ confirmation they had destroyed the data in part because the ransomware business model depends upon criminals not disclosing data once a ransom is paid.

Data release

In addition, Blackbaud said it worked with outside experts to monitor the internet and found no evidence that information was ever released.

Ransomware attacks initially focused on encrypting organisations’ files and then extorting ransoms to decrypt the files, but in recent months have expanded into other areas, such as stealing data and threatening to release it.

Beginning earlier this year, for instance, the DoppelPaymer ransomware gang has begun publicly releasing files stolen from contractors for the US Navy, Lockheed-Martin and SpaceX.

Some of the malware developers’ ransom demands have been in excess of $1 million (£800,000), according to computer security firm CrowdStrike.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Intel ‘Playing Politics’ Over Delayed Ohio Chip Factory, Alleges Governor

Ohio Governor Mike DeWine alleges Intel's Ohio factory delay is a negotiating tactic, despite Pat…

1 hour ago

Steve Jobs Posthumously Awarded US Medal Of Freedom

President Joe Biden has named Apple co-founder and former CEO Steve Job, as a posthumous…

3 hours ago

Twitter Seeks Judicial Review Of Indian Takedown Order

Clash continues, Twitter court challenge against Indian government order to remove certain content it deems…

3 hours ago

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

22 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

23 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

1 day ago