Cloud computing provider Blackbaud paid a ransom after data breach

Cloud software provider Blackbaud revealed to have paid crooks to decrypt its data following a ransomware attack that took place in May 2020.

Blackbaud is a cloud computing provider that serves the social good community — nonprofits, foundations, corporations, education institutions, healthcare organizations, religious organizations, and individual change agents. Its products focus on fundraising, website management, CRM, analytics, financial management, ticketing, and education administration.

Last week, the company disclosed that it was a victim of a ransomware attack in May 2020. Despite the company has discovered the intrusion and locked out the attackers, ransomware operators were able to exfiltrate its data.

“In May of 2020, we discovered and stopped a ransomware attack.” reads the data breach notification published by Blackbaud.

“Our Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system. Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment.”

The company confirmed that the attackers did not access financial data, such as credit card data and bank account information, or the social security numbers of its customers.

The bad news is that the company opted to pay the ransom for deleting the data that attackers have stolen during the intrusion.

The company reported the incident to law enforcement, and notified the customers who were affected by the incident. At the time Blackbaud did not disclose technical information about the attack such as the ransomware family that infected its systems.

It explained that it has no reason to believe that any data that was exfiltrated was or will be misused or disseminated.

The company pointed out that the incident did not involve solutions in its public cloud environment, such as Microsoft Azure or Amazon Web Services, nor did it involve the majority of its self-hosted environment.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.