Save the Children feared hit by ransomware, 7TB stolen

Cybercrime unit BianLian claims to person surgery into nan IT systems of a apical non-profit and stolen a ton of files, including what nan miscreants declare is financial, health, and aesculapian data.

As highlighted by VX-Underground and Emsisoft threat expert Brett Callow earlier today, BianLian bragged connected its website it had deed an statement that, based connected nan gang's explanation of its unnamed victim, looks to beryllium Save The Children International. The NGO, which employs astir 25,000 people, says it has helped much than a cardinal kids since it was founded successful 1919.

BianLian added that its victim, "the world's starring nonprofit," operates successful 116 countries pinch $2.8 cardinal successful revenues. The extortionists declare to person stolen 6.8TB of data, which they opportunity includes world HR files, individual data, and much than 800GB of financial records. They declare to besides person email messages arsenic good arsenic aesculapian and wellness data.

Presumably BianLian intends to leak aliases waste this info if a ransom request is not met. The NGO did not instantly respond to The Register's inquiries.

We should statement The Register has not been capable to verify nan crooks' claims. But we thin to work together pinch VX-Underground, which opined: "BianLian ransomware group needs to beryllium punched successful nan face." And while breaking into and extorting a nonprofit whose attraction is to make children "healthier, safer and amended educated" seems beneath moreover nan astir tragic of cyber-criminals, it's beautiful overmuch par for nan people pinch BianLian.

The crew, which has been astir since June 2022, has made a sanction for itself by targeting healthcare and captious infrastructure sectors. 

• 'Strictly limit' distant desktop – unless you for illustration catching BianLian ransomware
• BianLian ransomware unit goes 100% extortion aft free decryptor lands
• Been deed by BianLian ransomware? Here's your get-out-of-jail-free card
• MGM Resorts shuts down machine systems aft 'cybersecurity incident'

While BianLian started disconnected arsenic a double-extortion ransomware unit — bargain data, encrypt systems, and frighten to leak files and not supply a decryption cardinal unless nan unfortunate pays a ransom — earlier this year, they shifted to pure extortion, arsenic earlier but minus nan encryption, according to authorities and private-sector threat hunters. 

The operators typically usage Go, a newer programming language, to get astir immoderate endpoint protection tools. In May, nan US and Australian rule enforcement and cyber information agencies issued a joint statement informing organizations to "strictly limit nan usage of RDP and different distant desktop services" to debar BianLian infections and extortion attempts.

The alert besides elaborate nan gang's indicators of discuss on pinch its tactics, techniques and procedures observed arsenic precocious arsenic March.

And while we don't cognize really nan criminals collapsed into Save The Children, if that is nan case, now's a bully clip to reappraisal nan Feds' proposal [PDF] and statement up your remote-desktop information to debar becoming nan adjacent unfortunate connected BianLian's list. ®