Blackbaud is a well-regarded cloud company serving the cloud needs of nonprofits, faith communities, schools and more. The company, worth more than $2.5 billion, was a recent victim of a ransomware hack.
In May of 2020, they discovered and stopped this ransomware attack. The cybercriminals attempted to disrupt their business by locking the company out of its own data and servers. After discovering the attack, their cybersecurity team, together with independent forensics experts and law enforcement, successfully prevented the cybercriminal from blocking their system access and fully encrypting files, and ultimately expelled them from their system.
Prior to Blackbaud locking the cybercriminal out, the hacker removed a copy of a subset of data from their self-hosted environment. According to the company, the cybercriminal did not access credit card information, bank account information, or social security numbers. Blackbaud paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, their research, and third-party (including law enforcement) investigation, they have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.
This incident did not involve solutions in their public cloud environment (Microsoft Azure, Amazon Web Services), nor did it involve the majority of their self-hosted environment. The subset of customers who were part of this incident have been notified and supplied with additional information and resources.
So what is going on?
As we have detailed in the past, hackers used to rely on encrypting company files via so-called ransomware to force a company to pay a ransom, in order to get the key to unlock their encrypted files.
Over time, companies have gotten better at backing up their files, and many do not want to pay the ransom because we now know it could be funding criminal organizations, criminal nation-states and terrorist groups like ISIS. Many organizations use solutions like Datto, which will back up a full copy of corporate data locally and in the cloud. The idea is that regardless of what happens in the local environment, such as a flood or power outage, the cloud version of the data can be used to allow work until the local network is brought back online. In a situation where files get infected, the local machines can be wiped and restored from the last known good backup.
Hackers have upped their game.
Ransomware has become Extortionware, meaning the hackers threaten to release a copy of the data they steal on the internet. Some hacker groups now have affiliate programs, meaning they pay the bulk of the ransom to an affiliate who can infect an organization.
Companies now have no choice but to pay the ransom or they risk reputational and legal damage. On the other hand, they are knowingly funding criminals, terrorists, etc.
It is a real lose-lose situation and once infected, there is no good solution.
Consider - even after you pay a ransom, there is no way to guarantee the criminal won't release or sell your data.
Unless of course there was a way to keep from getting infected in the first place.
Most of these attacks come through email and are a result of a user clicking when they shouldn’t.
Phishing simulation is a fantastic way to help users learn what not to click.
The idea is to send an email that looks like what a hacker would send but when a user clicks and then enters information, they are alerted that they were scammed and told what to look for to avoid being hacked again.
This, coupled with live, interactive training over video, has been shown to dramatically cut down on clicks and data entered.
We have used our PHISH360 solution and our own live training to dramatically reduce risk for organizations.
In summary, we highly recommend you use our free-to-try phishing simulation solution (or another reputable vendor), ask about our live cybersecurity training, and finally have us perform a cybersecurity assessment.
A hack can cost a company millions or put them out of business if their customers defect or they are unable to pay the ransom.
The best defense against being put in a lose-lose situation is to prevent a hacker from getting in to begin with. Ask the experts at Apex Technology Services about how we can help your organization stay secure.