Ransomware: attack on Blackbaud and double redemption

In May Blackbaud suffered a ransomware attack. Although the counter-move by the security team was swift and effective in preventing the blocking of access to the information managed, also thanks to the collaboration with external experts, the authors of the action were able to steal a considerable amount of data, forcing the company to pay a sum to avoid publication. Among the clients of the company, specialized in the provision of hosting and cloud services, various non-profit organizations, foundations and healthcare organizations.

The ransomware attack on the provider Blackbaud

What happened testifies how this type of cyber threat, which has been manifesting itself with increasing frequency in recent years, is evolving: at a first ransom requested from victims to restore access to encrypted content, cyber criminals often ask for another with the promise not to distribute in Network (often on the Dark Web) a copy of stolen documents.

Since protecting our customers' data is our top priority, we paid what the cybercriminals asked for, ensuring that the stolen copy was destroyed.

It is not given to know a how much the amount paid, nor how it was transferred, but almost certainly it is a transaction carried out in cryptocurrencies such as Bitcoin or other so as to make it difficult to trace the authors of the gesture.

Source: Blackbaud