BianLian ransomware gang holds Save the Children hostage


The dangerous and prolific BianLian ransomware gang claims to have stolen nearly 7TB of data from NGO Save the Children, but fortunately the charity’s vital work on the ground appears to be unaffected

By Alex Scroxton, Security Editor

Published: 13 Sep 2023 14:45

NGO Save the Children, one of the world’s oldest and largest charities, has confirmed it has fallen victim to a ransomware attack by the BianLian operation.

First tracked by VX Underground – which said that the gang needed “to be punched in the face”, a statement with which it’s hard to argue – and Brett Callow of Emsisoft, the attack first came to light on Monday 11 September when information on the hit was posted to the gang’s leak site.

BianLian did not initially name Save the Children, but rather claimed to have hit “the world’s leading non-profit organisation, employing around 25,000 staff and operating in 116 countries” with income of $2.8bn.

Parts of this description tally with the charity’s own boilerplate, but BianLian’s assertion of Save the Children’s financial position appears to be highly inaccurate – the charity’s total income in 2022 was £294m.

It claimed to have stolen 6.8TB of data, including 800GB of the charity’s financial data, human resources information, personal data, including health and medical data, and email correspondence.

Save the Children’s press office was yet to respond to a request for comment at the time of publication, but in a statement circulated to media outlets, it confirmed it had experienced an “IT incident” involving unauthorised access to part of its network.

“There has been no operational disruption and the organisation continues to function as normal to build a better future for children across the world,” a spokesperson for the charity said.

“We are working hard with external specialists to understand what happened and what data was impacted so we can take all the appropriate next steps. This process is complex and takes time, but remains our absolute priority. Our systems are also secured, and we’re confident in the ongoing integrity of our IT infrastructure.

“These types of incidents are a reality that all organisations face, but it is disappointing that Save the Children, whose core purpose is to help those most in need, is also subject to such unwarranted activity. Our investigation is ongoing, and we will continue to work with the relevant authorities. We will get to the bottom of this, and we thank all our staff and supporters for their patience and understanding in the meantime.”

Little is known about the BianLian ransomware gang, and although it takes its name from a style of Chinese opera from Sichuan Province, it is far more likely to be a Russian-speaking operation. It was one of a number of crews to emerge during the course of 2022, coming into the ascendancy at about the same time as the likes of Black Basta, Hive and Alphv/BlackCat and establishing itself as a prolific criminal enterprise.

In 2023, it has become one of a number of ransomware gangs to have pivoted away from encrypting its victims’ data, preferring instead to simply steal it and threaten to leak it if not paid off.

According to the US Cybersecurity and Infrastructure Security Agency (CISA), BianLian generally accesses its victims’ systems using valid remote desktop protocol (RDP) credentials, and uses a number of open source tools and command-line scripting for discovery and credential harvesting.

It exfiltrates their data via a number of means, usually via File Transfer Protocol (FTP), and legitimate cloud storage and file transfer services such as Rclone and Mega.
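As an added illustration (not part of the original article or of CISA's guidance), one way a defender could flag the transfer tooling named above in process-creation telemetry. The event fields are modelled on Sysmon Event ID 1 (Image, OriginalFileName, CommandLine); the sample events, paths and the remote name are constructed, and the renamed-binary check is an assumption about attacker behaviour that the article does not state.

```python
import re
import shlex

# rclone subcommands that transfer data between a local path and a remote.
RCLONE_VERBS = {"copy", "copyto", "sync", "move", "moveto"}
# rclone remotes are written "name:path"; a one-letter name is a Windows drive.
REMOTE_RE = re.compile(r"^:?([A-Za-z0-9_-]{2,})[:,]")

# Constructed process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\ProgramData\svchost.exe", "original_file_name": "rclone.exe",
     "command_line": r'"C:\ProgramData\svchost.exe" copy D:\Finance remote1:backup --transfers 16'},
    {"image": r"C:\Windows\System32\ftp.exe", "original_file_name": "ftp.exe",
     "command_line": r"ftp.exe -s:C:\Temp\up.txt"},
    {"image": r"C:\Tools\rclone.exe", "original_file_name": "rclone.exe",
     "command_line": "rclone.exe version"},
    {"image": r"C:\Windows\System32\robocopy.exe", "original_file_name": "robocopy.exe",
     "command_line": r"robocopy D:\Finance E:\Backup /E"},
]

def basename(path):
    """Lower-cased file name without directory or .exe suffix."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def classify(event):
    """Return a reason string for a suspicious transfer process, else None."""
    image = basename(event["image"])
    original = basename(event.get("original_file_name", ""))
    # posix=False keeps Windows backslashes intact; drop argv[0].
    args = shlex.split(event["command_line"], posix=False)[1:]
    # Match on the embedded original name too, so a renamed rclone is still caught.
    if "rclone" in (image, original):
        verbs = [i for i, a in enumerate(args) if a.lower() in RCLONE_VERBS]
        if verbs:
            # Any remote-style argument after the verb (source or destination).
            remotes = [m.group(1) for a in args[verbs[0] + 1:]
                       if (m := REMOTE_RE.match(a))]
            if remotes:
                renamed = " (binary renamed to %s)" % image if image != "rclone" else ""
                return "rclone %s involving remote '%s'%s" % (
                    args[verbs[0]].lower(), remotes[0], renamed)
    # Windows ftp.exe runs a command script non-interactively with -s:<file>.
    if image == "ftp" and any(a.lower().startswith("-s:") for a in args):
        return "scripted ftp.exe session"
    return None

def scan(events):
    """Return (index, reason) for every flagged event."""
    return [(i, r) for i, e in enumerate(events) if (r := classify(e))]
```

The rclone remote name is chosen by whoever wrote the rclone configuration, so it does not identify the storage provider; pair a hit with outbound network logs from the same host to see where the data went.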

To exert pressure on its victims, it makes a show of printing its ransom note to printers on their networks, and employees of victimised organisations have reported receiving threatening telephone calls from people claiming to be group members.

Storied charity

Founded in the UK in 1919 to aid the famine-stricken Central Powers of Austria-Hungary and Germany in the wake of the First World War, over its 104-year lifetime Save the Children has grown into one of the largest children’s charities in the world.

Early in its history, it carried out relief operations on the ground in the Soviet Union during a famine in 1923, where it is thought to have saved over half a million lives – a fact apparently lost on the Russia-linked BianLian gang – and it was among the first aid organisations on the ground to support refugees and survivors of the Nazi concentration camps in 1945.

The charity went on to render assistance in some of the 20th Century’s worst crises, including the Korean War, the Hungarian Revolution of 1956, and the Biafran and Vietnam Wars. It also contributed extensively to the initial draft of what was to become the United Nations (UN) Convention on the Rights of the Child, adopted in 1989.

Currently, it is active in multiple ongoing crises in countries such as Afghanistan, Lebanon, Morocco, Sudan and Ukraine.





Copyright for syndicated content belongs to the linked source: Computer Weekly – https://www.computerweekly.com/news/366552075/BianLian-ransomware-gang-holds-Save-the-Children-hostage
