Ransomware hits IT services giant — they paid the ransom even after locking hackers out of the system

Representative imageUnsplash

  • A third-party cloud service provider Blackbaud was hacked in May but only disclosed the breach on July 23.
  • It manages the IT services for the University of York, University of London, Oxford college and other educational institutions.
  • Blackbaud claims it was able to get the hackers out of its system but only after “a subset of data” was copied off the servers, which is why they had to pay the ransom.
One of the world’s leading non-profit software companies was the target of a ransomware attack. A fact they only revealed in July even though the attack was originally detected in May by the company.

The hack has reportedly affected universities, non-profit organisations, and foundations. Blackbaud claims that once it spotted the cybercriminals, the company’s IT experts were able to expel the hackers from the system.

Blackbaud pays the ransomware
Before the hackers got locked out, the attackers were able to remove “a copy of a subset of data”.

The group behind the attack then asked for compensation with the threat of releasing the data to the public. “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed,” said Blackbaud in a statement.

The payment was made to ensure that the data will not be circulated, misused, or otherwise be made publicly available, according to the company. The company asserts that no credit card, bank account, or social security information was stolen by the hackers.

List of universities that have confirmed being a target of the attack:


  1. University of York
  2. Oxford Brookes University
  3. Loughborough University
  4. University of Leeds
  5. University of London
  6. University of Reading
  7. University College (Oxford)
  8. Ambrose University (Canada)
  9. Rhode Island School of Design (US)
  10. University of Exeter
There has been a 20% jump in ransomware attacks globally, second only to Internet-of-Things malware as per SonicWall’s Cyber Threat Report 2020. The attack on Blackbaud is inline with more operators increasing their focus on ‘soft targets’ like education, hospitals and public administration agencies.

The two-month wait
The bigger issue to be addressed is that the General Data Protection Regulation (GDPR) has asserted that companies must report data breaches to authorities within 72 hours of discovery — or face the consequences in the forms of fines.

The BBC reports that the UK's Information Commissioner's Office (ICO), as well as the Canadian data authorities, were only informed about the breach last weekend, which is much later than when Blackbaud originally uncovered the threat.


82% of companies in India were hit by ransomware — they paid ₹8 crore on average to save themselves

The Cognizant Maze ransomware saga will show its full impact for many months to come

Ransomware attack puts Priyanka Chopra, Lady Gaga, Madonna and other celebrities’ data at risk — and REvil hackers are known to follow through on their threats