Security News > 2023 > September > Save the Children hit by ransomware, 7TB stolen

Cybercrime crew BianLian claims to have broken into the IT systems of a top non-profit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data.

As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang's description of its unnamed victim, looks to be Save The Children International.

We tend to agree with VX-Underground, which opined: "BianLian ransomware group needs to be punched in the face." And while breaking into and extorting a nonprofit whose focus is to make children "Healthier, safer and better educated" seems beneath even the most tragic of cyber-criminals, it's pretty much par for the course with BianLian.

While BianLian started off as a double-extortion ransomware crew - steal data, encrypt systems, and threaten to leak files and not provide a decryption key unless the victim pays a ransom - earlier this year, they shifted to pure extortion, as before but minus the encryption, according to government and private-sector threat hunters.

In May, the US and Australian law enforcement and cyber security agencies issued a joint statement warning organizations to "Strictly limit the use of RDP and other remote desktop services" to avoid BianLian infections and extortion attempts.

While we don't know how the criminals broke into Save The Children, if that is the case, now's a good time to review the Feds' advice [PDF] and shore up your remote-desktop security to avoid becoming the next victim on BianLian's list.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/11/bianlian_save_the_children/