The gang that had used the Mespinoza/Pysa Windows ransomware to attack MyBudget — a fact the company confirmed to iTWire on 29 May — had put up the company's name, with no data files below it at the time that story was published (graphic below).
But today, security sources have told iTWire that the attackers have now removed the company's name from their website.
iTWire contacted MyBudget to seek details on this development, but the company is yet to respond.
The sources said that this removal of MyBudget's name from the Mespinoza/Pysa meant either that the company had paid a ransom or else said it would negotiate and asked for its name to be removed as a bargaining tactic.
Last week, MyBudget was listed on the Mespinoza/Pysa site.
"The problem with this is that, even if the ransom was paid, the company only has a pinky promise that the copy of the data will be deleted and not misused and that pinky promise is being made by criminals," the sources added.
MyBudget, a company that manages money for about 13,000 clients who are mostly from the not-so-wealthy ranks in Australia, went down on 9 May and stayed that way until 22 May.
The length of time it was offline could well indicate that it was not a single server that was under attack, but rather that the attackers were able to hit multiple servers.
MyBudget initially blamed unspecified malware and then changed its story to unspecified ransomware.
But when iTWire raised the issue on 29 May, the company finally came clean and admitted that the Mespinoza/Pysa ransomware had taken the servers offline.
MyBudget's clients pay a joining fee of $1100 and are then charged anything from $40 upwards a week.