The Incident: Last year US based Blackbaud, one of the largest providers of fundraising, education administration and financial management software to the charity and education sectors were hit by a ransomware attack.
Blackbaud supply their technology to many well-known charities including, the National Trust, adolescent mental health charity YoungMinds and homeless charity Crisis. The attack didn’t just hit the charity sector however, many educational establishments in the UK, US and Canada were hit by the attack.
These UK institutions included in the attack were:
University of Birmingham
De Montfort University
University of Strathclyde
University of Exeter
University of York
Oxford Brookes University
University of Leeds
University of London
University of Reading
University College, Oxford
The attack allowed cyber criminals to obtain donor data that belonged to the charities and other non-profits. The data stolen from the charities that were affected did not include credit or payment card data and Blackbaud’s popular fundraising platform JustGiving, was also not affected by the attack.
However, for the education establishments that were caught up in it, the hackers accessed names, titles, gender, dates of birth, student numbers, addresses, phone numbers, email addresses, and LinkedIn profile URLs of members of the University community.
What is a ransomware attack?
Ransomware attacks can have a devastating impact on organisations, with victims requiring a significant amount of recovery time to reinstate critical services. It is therefore vital that organisations have up-to-date and tested offline backups.
Often the aim of cyber criminals deploying ransomware is to encrypt data that will have the most impact on an organisation’s services. This can affect access to computer networks as well as services including email systems and websites.
Ransomware attackers can gain access to a victim’s network through a number of infection vectors. Indeed, it can be hard to predict how a compromise will begin, as cyber criminals adjust their attack strategy depending on the vulnerabilities they identify.
How can you help your charity avoid becoming victim to a ransomware attack?
Charities can help make their organisations safer from cyber criminals by following simple, easy to follow guidance, take a look at our recent articles to discover the full range of resources.