Cloud software provider Blackbaud pays ransom, as incidents rise globally

Image by Pete Linforth from Pixabay

WEEK IN IT SECURITY – Just as we were reporting last week on our sister site The Evolving Enterprise that ransomware is behind 1 in 3 cyber security attacks on organisations, news was breaking of another major ransom attack, reports Jeremy Cowan.

This time South Carolina-based Blackbaud, a third-party supplier of database services and customer relationship management (CRM) systems for enterprises, had paid hackers an undisclosed ransom to unlock its own client data.

Blackbaud describes itself as the “world’s leading cloud software company powering social good.” The clients in question reportedly include, homeless charity Crisis, the UK Universities of Aberystwyth and Aberdeen*, each of which has issued apologetic notices to its customers and partners. Other customers listed by the company include the American Diabetes Association, the Universities of London and Oxford, and YWCA Chicago.

In a statement Blackbaud said: “In May of 2020, we discovered and stopped a ransomware attack. In a ransomware attack, cybercriminals attempt to disrupt the business by locking companies out of their own data and servers. After discovering the attack, our Cyber Security team — together with independent forensics experts and law enforcement — successfully prevented the cybercriminal from blocking our system access and fully encrypting files; and ultimately expelled them from our system. Prior to our locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment. The cybercriminal did not access credit card information, bank account information, or social security numbers.”

It went on, “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly. … We apologise that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cybercrime incident.”

It is not clear from the statement what reassurance was given by the criminals that the data would not be misused or shared in future, or how Blackbaud could trust the hacker’s assertion it was destroyed.

Discovered in May, notified in July

In a message to its alumni, Rob Donelson, executive director of Advancement at Aberdeen University wrote: “On 16 July 2020, Blackbaud advised us that it had discovered a ransomware attack in May 2020. According to Blackbaud, the cybercriminal removed data from its backup server at some point between 7 February and 20 May 2020, and we have been informed that data related to our alumni was part of that. We understand that a significant number of organisations around the world have been affected.”

One point of immediate concern to clients was Blackbaud’s delay in notifying them of the data breach. Aberdeen University said: “Blackbaud has advised that they did not notify us sooner because they needed to: defend against the attack; conduct the subsequent investigation; take measures to address the issue that led to the incident; and prepare resources for its customers. However, we are investigating this further,” adding pointedly, “We are reviewing as a matter of urgency the contractual arrangements with Blackbaud, focusing on their current and proposed security measures for our data. We have also made a formal report to the Information Commissioner’s Office (ICO).”

Could it have been me?

If this can happen to an organisation whose raison d’etre is the storage and protection of mission-critical data then it demonstrates that this could happen to any of us. We would urge readers to spend a few minutes considering how they might benefit from the 5 Steps outlined in the NordLocker article.

SonicWall’s mid-year Cyber Threat Report

Report finds ransomware up globally

SonicWall Capture Labs threat research team has published its mid-year update to the 2020 SonicWall Cyber Threat Report. This highlights increases in ransomware, opportunistic use of COVID-19, systemic weaknesses and growing reliance on Microsoft Office files by cyber criminals.

SonicWall president and CEO, Bill Conner said, “This latest data shows that cyber criminals continue to morph their tactics to sway the odds in their favour during uncertain times. With everyone more remote and mobile than ever before, businesses are highly exposed. It’s imperative that organisations move away from makeshift or traditional security strategies.”

During the first half of 2020, global malware attacks fell from 4.8 billion to 3.2 billion (-24%) over 2019’s mid-year total. This drop is the continuation of a downward trend that began last November. Despite this decline, Conner said, “ransomware continues to be the most concerning threat to corporations and the preferred tool for cyber criminals, increasing a staggering 20% (121.4 million) globally in the first half of 2020.

Comparatively, the U.S. and U.K. are facing different odds. SonicWall Capture Labs threat researchers logged 79.9 million ransomware attacks (+109%) in the U.S. and 5.9 million ransomware attacks (-6%) in the U.K. — trends that continue to ebb and flow based on the behaviours of agile cybercriminal networks.

Malware-laden COVID-19 emails

The combination of the global pandemic and social-engineered cyber attacks has proven to be an effective mix for cyber criminals utilising phishing and other email scams, according to SonicWall.

As expected, COVID-19 phishing began rising in March, and saw its most significant peaks on March 24, April 3 and June 19. This contrasts with phishing as a whole, which started strong in January and was down slightly globally (-15%) by the time the pandemic phishing attempts began to pick up steam.

SonicWall Cyber Threat Report

IoT continues to serve threats

Work-from-home (WFH) employees or remote workforces can introduce many new risks, including Internet of Things (IoT) devices like refrigerators, baby cameras, doorbells or gaming consoles. IT departments are besieged with countless devices swarming networks and endpoints as the footprint of their corporate expands beyond the traditional perimeter.

Researchers at SonicWall found a 50% increase in IoT malware attacks, mirroring the number of additional devices that are connected online as individuals and enterprise alike function from home. Unchecked IoT devices can give cyber criminals an open door into what may otherwise be a well-secured organisation, said SonicWall.

To download the mid-year update, go to
Other cyber security guidance is available on these pages:

The author is Jeremy Cowan, editorial director of VanillaPlus, The Evolving Enterprise, and IoT Now.
* For full disclosure, Jeremy Cowan is an alumnus of Aberdeen University, Scotland.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


Global Road Technology launches its SDU worldwide to help drive mine site safety and efficiency

Posted on: October 6, 2022

Gold Coast, Australia – Dust control specialists Global Road Technology (GRT) is making automation a core focus of its product offering for the mining sector worldwide with its SMART Dosing Units (SDU) being launched globally as governments call for tighter controls around dust pollution.

Read more

Sateliot works with AWS on cloud native 5G satellite network to connect IoT devices directly to satellites

Posted on: October 4, 2022

San Diego, United States – Sateliot, a satellite telecommunications operator, is working with Amazon Web Services (AWS) to build a cloud native 5G service designed to provide customers with secure and reliable narrowband IoT (NB-IoT) connectivity over non-terrestrial network using its low earth orbit (LEO) satellite constellation. These revolutionary satellites act as cell towers from

Read more

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more

What is IoT?

Posted on: July 7, 2019

What is IoT Data as a new oil IoT connectivity What is IoT video So what’s IoT? The phrase ‘Internet of Things’ (IoT) is officially everywhere. It constantly shows up in my Google news feed, the weekend tech supplements are waxing lyrical about it and the volume of marketing emails I receive advertising ‘smart, connected

Read more
IoT Newsletter

Join the IoT Now online community for FREE, to receive: Exclusive offers for entry to all the IoT events that matter, round the world

Free access to a huge selection of the latest IoT analyst reports and industry whitepapers

The latest IoT news, as it breaks, to your inbox