Making Sense of the Blackbaud Ransomware Attack

Currently, the cybersecurity discourse is consumed with talk about the revelations surrounding the Blackbaud ransomware attack. What happened? What lessons can enterprises learn from it? What might the fallout of the Blackbaud ransomware attack entail? 

Here are the facts. Blackbaud, a cloud software supplier, suffered a ransomware attack that took place over the course of several months and was only discovered in May. Upon discovery, Blackbaud decided to pay the ransomware attackers, a move considered unwise by cybersecurity experts.

Then, the supplier waited two months before initially disclosing the attack to the public. In its original statement, Blackbaud stated that its security team mitigated the damage and expelled the attackers. Additionally, it claimed it paid off the hackers to protect its clients, and that the hackers did not access sensitive data. However, it acknowledged hackers did copy a subset of client data.

In a new regulatory filing, Blackbaud admitted that hackers did steal sensitive data from some customers including bank account information and social security numbers. Breached information also includes passwords and usernames, although the company believes credit card information was not affected. The affected information may not have been encrypted prior to the attack. 

Blackbaud’s clients include numerous universities as well as several charities in the U.S. and the U.K.

Expert Commentary: The Blackbaud Ransomware Attack

Mounir Hahad

Mounir Hahad is Head of the Juniper Threat Labs at Juniper Networks. 

“It used to be that computers were secure and that only communication was vulnerable to interception. But that time has long gone. We seem to focus so much on securing communication with encryption that we forget that data security has three essential components: securing data at rest so no one can steal it, securing communication so no one can snoop in on it and ensuring data integrity so no one can tamper with it. Every organization has to take a hard look at the data it stores and make sure no sensitive data is ever stored or moved around in the clear and that data integrity is verified at critical processing steps. Unfortunately, I have little faith this will just happen out of good will. We will need some legislation that mandates this policy and punishes organizations that egregiously ignore this mandate and end up exposing troves of sensitive customer data.”

Saryu Nayyar

Saryu Nayyar is CEO of Gurucul.

“The revelations about the Blackbaud breach are disappointing but, sadly, not surprising. Originally reported as a loss of non-vital information, the forensics reveals a different picture. At the time, there was no reason to assume the attackers wouldn’t abuse or sell the personal information they had. Now that forensics have shown the attackers had access to credit card and banking information, it’s almost certain that information will end up for sale on the dark web, making this incident considerably more serious than originally assumed.”

Dan Piazza

Dan Piazza is Technical Product Manager at Stealthbits Technologies.

“To stay positive in the court of public opinion, it’s typically best practice to avoid definitive statements about the scope of a potential breach before a full investigation has been performed. Ultimately, it’s far easier to simply state you’re taking the matter seriously and will have further comments after conducting an extensive review of the incident, rather than needing to backtrack from a strong statement that turned out to be false. Needing to walk back statements can, perhaps unfairly, call into question future statements, and brings about scrutiny that could have been avoided. When breaches occur, consumers and others affected will be upset regardless. However, trust is reduced further when false statements are made, despite an organization’s good intentions.”

Thanks to these experts for their time and expertise.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.