On Friday evening, the company posted the last of many updates, informing its 13,000-odd customers that the client web portal and app were back online.
But MyBudget is yet to say whether the administration fees it charges, which have been on hold since the outage began, will be waived or charged later.
The firm, whose customers are mostly less wealthy Australians, charges $1100 as an establishment fee when someone becomes a customer. One then pays anything from $40 upwards per week for the firm to manage their money.
There was no information provided as to the malware or ransomware that caused the outage. The update mostly contained the same information as the previous updates, with plenty of advice.
But despite the cheery tone of the update, it looks like there are still gremlins stalking MyBudget, with a message today saying the web portal messaging was not working.
The Friday video update from MyBudget founder Tammy Barton contained the usual spiel, including a word of thanks for messages during the outage that had complimented the company's staff. But it appears that many of the negative messages have been edited or removed.
Some customers have decided that they had better look elsewhere for such solutions.
One message read: "Look it's been nice. MyBudget helped me when I needed it the most, however in the 2 weeks I've figured out I can do it better myself. That combined with the fact that I'm suddenly getting a lot of telemarketing cold calls and there's been no clarity on the steps being taken to ensure it won't happen again mean that I will be parting ways with the company."
"This incident certainly highlights a big problem – namely, that MyBudget’s customers have no clue what’s actually happened," commented Brett Callow, ransomware researcher at security outfit Emsisoft.
"For all they know, a ransomware group has every bit of information that MyBudget held about them. Will MyBudget be honest? If data was exfiltrated, will they disclose the fact?
"Have they paid to make the problem go away, in which case the criminals would still have the stolen data? Will people only start to learn what actually happened when they receive bills for credit cards they didn’t take out?
"This is the same for all incidents. There’s no visibility. The public simply need to rely on companies being honest."
Callow pointed to the example of Valuation Research Corporation, an independent, global valuation firm, which could be holding all manner of sensitive information. It was listed by the ransomware gang NetWalker recently and then very quickly delisted.
"But will their current and past clients be informed about the incident?" he asked.