Blackbaud, a leading cloud software provider based in Charleston, South Carolina USA, which was ransomware attacked last May, confirmed that hackers behind it had acquired access in unencrypted banking data, in credentials, as well as in social security numbers. The company operates not only in the US but also in other countries, including the United Kingdom, Australia and Canada.
The ransomware attack that took place last May in Blackbaud was revealed in a press release issued on July 16, when the company said that the intruders were blocked before fully encrypting the systems of. However, they managed to steal a copy of a subset of data from a private cloud. Blackbaud then paid for them ransom, since the hackers they assured her that they had destroyed the stolen goods data.
The ransomware attack by Blackbaud affected a large number of organizations around the world, including charities, non-profit organizations, but also universities in the USA, Canada, the United Kingdom and the Netherlands.
While Blackbaud had initially stated that the hackers behind the ransomware attack did not have access to credit card information, bank account details and social security numbers, a thorough investigation revealed that the hackers finally had access to unencrypted bank data, credentials and social security numbers. However, the company clarified that these new findings do not apply to all customers affected by the security incident.
Blackbaud also said the investigation is still ongoing and the company will continue to keep customers, shareholders and other interested parties informed of any new developments.
Depending on the ransomware gang who stole Blackbaud data, its willingness to destroy it, but also what it intends to do with it if it did not destroy it as promised, the company's customers may face many security risks, given the sensitive nature of exposed information.
According to BleepingComputer, there are, as far as he knows, 22 ransomware companies that steal sensitive documents by servers of the victims, before encryption. In addition, the data that hackers steal in these attacks, use them later to threaten the victims to pay a ransom, otherwise the stolen data will be leaked gradually, until the ransom is paid. In some cases, the ransom may even increase until all the stolen data is leaked to data leak sites or hacking forums. His team Maze ransomware was the first to publish its stolen data Allied Universal, because the second refused to pay the ransom requested, in November 2019.