Blackbaud, a multinational cloud computing company, is now facing a lot of criticism, and law authority is currently on a pursuit with them regarding the controversy it is now facing about the ransomware attack that happened in May of this year. Blackbaud served different organizations and businesses mainly from the United States, the United Kingdom, Australia, and Canada of almost 25000 entities from known universities, health institutions, big corporations, and especially nonprofits organizations. Their products are centered on education management, ticketing services, fundraising, CRM and analytics, and website administration through their in-house developed software like Raiser‘s Edge, Luminate, and NetCommunity.
Like other well-known companies that focused on technology, the attack that happened with Blackbaud is inevitable. However, the company mitigation plan addresses the attack, which raised numerous questions from many cybersecurity communities and legal entities from different countries it serves. As reported, the company experienced a ransomware attack from undisclosed adversaries in May 2020. Unfortunately, the company only released and admitted about the intrusion with its official announcement on July 16, which includes contacting possible affected clients.
On their initial investigation, Blackbaud reassures that upon discovering the attack, they could mitigate the plan to completely seize the attacker to do further damage on the company by implementing blockage on its entry. Unfortunately, the unknown adversary could exfiltrate a set of client‘s information out of their cloud storage, which was then revealed to be confirmed sensitive credentials as reported like contact information, bank records, and social security numbers. This data has been leveraged by the attacker to extort ransom from Blackbaud. The latter heed from the demand for an unknown amount of cryptocurrency money to assure that that data will be destroyed by the attacker. Thus, Blackbaud claims that the situation is under controlled, and stolen data will not be used for other malicious activities.
Unfortunately, some stolen data have been resurfacing, it is speculated that many unknown cyber-criminals are behind it. Attackers to extort money from different prominent entities that they believed are connected to the May 2020 Blackbaud attack. With this, the incident is again creating noise within the cybercommunity. An in-depth investigation is being done not only by Blackbaud but now with other governing countries affected by the incident.
Though Blackbaud’s action in paying the ransom does not have a clause with laws in the affected countries, this raised many negative comments that their actions could have encouraged any adversaries to do their malicious deeds.
Whereas, Blackbaud, as their statement, was only done to protect their customer‘s data, which is their top priority.
Currently, the issue is still being investigated, and further mitigation plan is being performed as remnants of the attack is being reported. Blackbaud still has to answer queries from governing bodies, mainly in the United States and the United Kingdom, for possibly breaching protocols in reporting cyberattacks. An official announcement from Blackbaud and these authorities are expected to be released soon.