
If charity begins at home, don’t let ransomware in

Jarad Thompson, from the Cyber Resilience Centre for the North West, looks at how charities can protect themselves from ransomware attacks in this blog.



In 2020, Blackbaud, a US-based cloud computing provider that serves nonprofits, foundations, education institutions, healthcare organisations (and more), was hit by a ransomware attack.


Blackbaud supplies its technology to many well-known charities in the UK including the National Trust, the charity YoungMinds and the homeless charity Crisis. The attack didn’t just hit the charity sector, though, as many educational establishments in the UK and North America were also affected by the attack. This included University College, Oxford, University of Exeter, University of York, Oxford Brookes University, Loughborough University and the University of Leeds.


What impact did the ransomware attack have on the charity?


The attack allowed cybercriminals to obtain donor records that belonged to the charity and other non-profits. Whilst a large volume of data was stolen from the affected charities, it did not include credit or payment card data, and Blackbaud’s popular fundraising platform, JustGiving, was also not affected by the attack.


However, for the education establishments that were also involved, the hackers accessed student numbers, addresses, phone numbers, email addresses, names, titles, gender, dates of birth and LinkedIn profile URLs of members of the University community.



So, what is a ransomware attack?


Ransomware attacks can have a devastating impact on organisations. Victims often require a significant amount of recovery time to reinstate critical services. It is therefore vital that organisations have an up-to-date and tested offline backup of their data.


Often cybercriminals will deploy ransomware to encrypt data that will have the most impact on an organisation’s services. This can affect access to computer networks as well as services including email systems, donation pages, online stores and websites.


Whilst it's hard to predict how a ransomware compromise will begin, cybercriminals will focus their attack strategy on whatever vulnerabilities they can identify in your network: passwords, phishing emails, out-of-date security tools.


How can you help your charity avoid becoming a victim of a ransomware attack?


Charities can help make their organisations safer from cybercriminals by following some basic steps:


  • Keep the operating systems on all devices up to date.

  • Don't allow staff to install third-party software or have administrative privileges unless this has been approved by your IT team.

  • Make sure you have installed antivirus software, which helps to detect malicious programs like ransomware.

  • Back up your files, frequently! Whilst a backup won't stop a malware attack, it can minimise the damage caused by one and keep your data safe.

Remember this stat: 26% of charities have been hit by a cyber-attack in the last 12 months.




Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.