Ransomware hits IT services giant — they paid the ransom even after locking hackers out of the system
- A third-party cloud service provider
Blackbaudwas hacked in May but only disclosed the breach on July 23.
- It manages the IT services for the University of York, University of London,
Oxford collegeand other educational institutions.
- Blackbaud claims it was able to get the hackers out of its system but only after “a subset of data” was copied off the servers, which is why they had to pay the ransom.
The hack has reportedly affected universities, non-profit organisations, and foundations. Blackbaud claims that once it spotted the cybercriminals, the company’s IT experts were able to expel the hackers from the system.
Blackbaud pays the ransomware
Before the hackers got locked out, the attackers were able to remove “a copy of a subset of data”.
The group behind the attack then asked for compensation with the threat of releasing the data to the public. “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed,” said Blackbaud in a statement.
The payment was made to ensure that the data will not be circulated, misused, or otherwise be made publicly available, according to the company. The company asserts that no credit card, bank account, or social security information was stolen by the hackers.
List of universities that have confirmed being a target of the attack:
- University of York
- Oxford Brookes University
- Loughborough University
- University of Leeds
- University of London
- University of Reading
- University College (Oxford)
- Ambrose University (Canada)
- Rhode Island School of Design (US)
- University of Exeter
The two-month wait
The bigger issue to be addressed is that the General Data Protection Regulation (GDPR) has asserted that companies must report data breaches to authorities within 72 hours of discovery — or face the consequences in the forms of fines.
The BBC reports that the UK's Information Commissioner's Office (ICO), as well as the Canadian data authorities, were only informed about the breach last weekend, which is much later than when Blackbaud originally uncovered the threat.
82% of companies in India were hit by ransomware — they paid ₹8 crore on average to save themselves
The Cognizant Maze ransomware saga will show its full impact for many months to come
Ransomware attack puts Priyanka Chopra, Lady Gaga, Madonna and other celebrities’ data at risk — and REvil hackers are known to follow through on their threats
- Amazon’s entry in food delivery is a speed bump on Zomato and Swiggy’s race to profitability, says report
- Top bedsheet designs for single beds
- A timeline of how violent protests in Bengaluru killed three, and led to the arrest of 145 people over a Facebook post
- Lucknow records highest spike of 831 Covid cases in a day
- Low-key heroes of the lockdown - Dishwashers!