How can charities protect themselves from ransomware attacks?
In 2020, Blackbaud, a US-based cloud computing provider that serves nonprofits, foundations, education institutions, healthcare organizations and more, was hit by a ransomware attack.
Blackbaud supplies its technology to many well-known charities in the UK, including the National Trust, the charity YoungMinds and the homeless charity Crisis. The attack didn’t just hit the charity sector; many educational establishments in the UK and North America were also affected. These included University College, Oxford, University of Exeter, University of York, Oxford Brookes University, Loughborough University and the University of Leeds.
What impact did the ransomware attack have on the charity?
The attack allowed cybercriminals to obtain donor records that belonged to the charity and other non-profits. Whilst a large volume of data was stolen from the affected charities, it did not include credit or payment card data, and Blackbaud’s popular fundraising platform, JustGiving, was not affected by the attack.
However, for the education establishments that were also involved, the hackers accessed student numbers, addresses, phone numbers, email addresses, names, titles, gender, dates of birth and LinkedIn profile URLs of university community members.
What is a ransomware attack?
Ransomware attacks can devastate organisations; victims often require significant recovery time to reinstate critical services. It is, therefore, vital that organisations have an up-to-date and tested offline backup of their data.
Often cybercriminals deploy ransomware to encrypt data that will have the most impact on an organisation’s services. This can affect access to computer networks and services, including email systems, donation pages, online stores and websites.
Whilst it's hard to predict how a ransomware compromise will begin, cybercriminals will focus their attack strategy on finding vulnerabilities in your network: passwords, phishing emails, and out-of-date security tools.
How can you help your charity avoid becoming a victim of a ransomware attack?
Charities can help make their organisations safer from cybercriminals by following these steps:
Keep the operating systems on all devices up-to-date.
Don't allow staff to install third-party software or have administrative privileges unless your IT team has approved it.
Ensure you have installed antivirus software, which helps detect malicious programs like ransomware.
Back up your files frequently! Whilst a backup won't stop a malware attack, it can minimise the damage caused by one and keep your data safe.
Set up a Cyber Incident Response Plan, so your staff know what to do during a cyber attack.
Consider testing your staff's response to phishing emails through a simulated phishing exercise.
Alongside these simple, easy-to-follow points, we have created and collated a suite of resources, services, and tools relevant to charities.
A cyber-attack has hit 24% of charities in the last 12 months. These resources will help to strengthen your resilience against similar attacks.