This week, documents filed with the United States Securities and Exchange Commission (SEC) by cloud computing company Blackbaud show that bank account data and social security numbers might have been affected earlier this year in a ransomware attack.
Blackbaud, which is primarily known for the donation suites used by charities and educational organisations but also provides payment systems, officially announced in June 2020 that it had succeeded in preventing a ransomware attack, but not before such data was compromised.
The organisation admitted at the time to paying the ransomware operators to erase the data exfiltrated during the attack, but said that no personally identifiable information (PII) or bank account details had been compromised.
The cloud computing firm said in a Form 8-K filing this week that a subsequent investigation found that the attackers were able to access information relating to bank accounts, social security numbers, and user credentials.
“After July 16, more forensic analysis disclosed that the cybercriminal might have exploited certain unencrypted fields for bank account records, social security numbers, usernames and/or passwords for some of the notified clients.” The organisation said that, in most situations, fields meant for confidential information were encrypted and not available.
Blackbaud confirmed that it took action in July to warn the affected customers, but said that the current findings do not extend to all those affected by the ransomware attack.
“In the week of September 27, 2020, consumers that we suspect are using these fields for those details are approached and are provided with additional assistance,” Blackbaud noted in the filing.
The firm has said that the incident investigation will proceed, as will the compliance enhancements to its infrastructure. Any additional facts discovered through the investigation will be communicated to shareholders, stockholders and other involved parties.
In this case, the double threat element of ransomware is an important attack vector for cybercriminals. In an emailed statement, Matt Lock, UK Technical Director at Varonis, said that it exfiltrates valuable original research data and IP for later sale on the dark web while locking the authors out of files that could theoretically hold hundreds of hours of irreplaceable work.