Blackbaud, a company that provides financial and fundraising technology to nonprofits, has been the victim of a ransomware attack. The organization did not name the ransomware, nor did they publicize how their systems were compromised. The infection took place in May of this year and was quickly detected by Blackbaud security members. While the security team was able to quarantine the infection before Blackbaud’s systems were encrypted, the attackers were able to exfiltrate a “subset of data” from Blackbaud’s network. Blackbaud did not disclose what data was stolen but did confirm that neither credit card data, bank account information, nor Social Security numbers were compromised with the stolen data. The attackers contacted Blackbaud with a ransom demand to stop the release of the stolen data. After working with both law enforcement and a private security firm to both assist in the ransom payment and to confirm that the attackers deleted the data, Blackbaud also opted to retain an outside security firm to monitor for the release of any of Blackbaud’s data on criminal forums and marketplaces.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in