But the organization said it had already backed up its files at a another location and simply eliminated the files locked by the malware after it learned of the breach on Sept. 23.
“We immediately took steps to address the breach, secure our data, and determine the extent of organizational data that may have been compromised,” according to a notice on the conservancy's website.
“Several computers and the server were infected. The data from these files were backed up; therefore, we were able to delete the infected files, ‘clean’ the servers and computers, and re-load the data,” according to the web site.
It allowed the conservancy to avoid paying the attackers to unlock the files.
“We are continuing to monitor and assess the situation and working closely with our IT consultant to address the incident. Sensitive donor financial information is kept in a secure, cloud-based server that was not affected by this breach. Nevertheless, we are working to ensure that no sensitive information was on our internal server that was breached, and if any was there, exactly what information was affected and what steps are needed to remediate the issue.”
The conservancy is also setting up a dedicated web page to keep donors and other interested parties updated, Executive Director Jamie Brown said in the notice.
Brown couldn’t immediately be reached for comment on Monday.
According to the Glens Falls Post-Star, the hackers wanted to be paid in Bitcoin, a form of cryptocurrency that is exchanged on the Internet and nearly impossible to trace.
Ransomware attacks are increasingly common and organizations ranging from the Albany International Airport to the town of Colonie have been hit by them in recent years.
One danger, said cybersecurity expert Bret Callow, is exfiltrtration in which the hackers get and release information of people, such as donors, in the target's data base. It wasn't immediately clear what the Conservancy had in its data bases.
In addition to the airport and municipalities, Callow noted that a number of communities across the nation had date exfiltrated in September including North Tonwanda.
Callow believes that the solution ultimately requires a ban on paying ransoms after such attacks.
©2020 the Times Union, Distributed by Tribune Content Agency, LLC.
