Blackbaud Attack Merits NPR Response

A Message To Donors

A few weeks ago, we reported on the Blackbaud ransomware attack affecting businesses and non-profits across the US, UK, and Canada. While Blackbaud paid the undisclosed ransom, the entities affected are still dealing with the aftermath.

NPR recently reached out to its donors to let them know their financial information wasn’t compromised. They could not, however, guarantee that all information hadn’t been accessed.

Current.org obtained an Aug. 3 memo by Christopher Turpin, chief of staff and interim chief development officer for NPR. Details below mention that what information may have been obtained by the cybercriminals.

“We are writing out of an abundance of caution. This incident may have affected your contact information, demographic information, and if you have made a gift to NPR, the history of those donations,” wrote Turpin. “Importantly, we want to assure you that the incident has not exposed any sensitive personal identification or financial data such as your credit card or bank account information, government identification number, or social security number, as we do not record or store this information in our database.”

Turpin noted that Blackbaud “assured us that they are confident that the cybercriminals have in fact destroyed the stolen file, and have not misused or further disseminated any data contained in the file.”

Paying The Ransom

This example illustrates the Catch-22 of paying a ransom. Blackbaud was assured by the hackers that the stolen information was destroyed, but can an organization ever really know for sure? However, they wanted to put forward a good faith effort to the organizations in their care.

Getting hit with a ransomware attack can completely devastate an organization, but paying the ransom can be equally as devastating. The best practice is a preventative plan. Remember to keep yourself educated on current ransomware trends. You also want an antivirus product that works on a default-deny approach. Default-deny keeps unknown executables off your system.

As ransomware becomes more sophisticated, the fight against it will continue to rise to the occasion. Make sure you’re staying up-to-date. And, as always, stay safe out there.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles