Blackbaud recently confirmed that bank details and passwords may have been stolen in a charity hack. Blackbaud suffered a data breach back in May, but the attack has resurfaced with new information coming out. The software developer originally paid the ransomware and confirmed bank details were not leaked. While the question around whether to pay for a ransomware attack or not divides opinion, this reinforces the need for transparency.
Recent articles on how paying ransomware hackers can violate US sanctions should serve to remind readers that casually wading into the ever-changing cyber threat landscape can carry dire consequences for the uninitiated and inexperienced.
All breach events are serious but ransomware cases carry additional specific risk and exposure when handled improperly. Organizations facing such an event need to ensure that all reasonable steps are being taken to properly identify the threat actor/group they are facing in order to avoid potential costly regulatory fines on the back end of the breach.
Although the process of attribution is as much art as it is science in many cases, hiring a qualified Incident Response firm to help guide a victim organization through this process is essential in protecting an organization\’s long term interests. Although we agree that if ransomware payments were no longer made, this would serve to disincentivize ransomware attacks, we do not see this as a realistic strategy given the nature of what is at stake and how decentralized cryptocurrency such as Bitcoin operates.
If an organization takes reasonable steps to ensure that the threat actor they are dealing with is not specifically identified as a prohibited party, the decision to pay should ultimately be a business decision left to the victim.
The latest development in the Blackbaud data breach reconfirms the imperative for transparency. While the question of whether to pay for a ransom or not continues to divide opinion, transparency should not. It is important to be honest and organisations should proactively share information about security vulnerabilities between all who can help reduce them. We can learn from each other and only with a transparent approach to security will be able to build trust and create a safer internet.
What is also of great concern is how sensitive data seems to have been stored in unencrypted form. An in-depth defence approach should be in place to ensure that even if sensitive data does leak, it is not easily readable.