Ransomware crew claims to have hit Save The Children • The Register

Cybercrime crew BianLian claims to have broken into the IT systems of a top non-profit and stolen a ton of files, including what the miscreants claim is financial, health, and medical data.

As highlighted by VX-Underground and Emsisoft threat analyst Brett Callow earlier today, BianLian bragged on its website it had hit an organization that, based on the gang’s description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919.

BianLian added that its victim, “the world’s leading nonprofit,” operates in 116 countries with $2.8 billion in revenues. The extortionists claim to have stolen 6.8TB of data, which they say includes international HR files, personal data, and more than 800GB of financial records. They claim to also have email messages as well as medical and health data.

Presumably BianLian intends to leak or sell this info if a ransom demand is not met. The NGO did not immediately respond to The Register’s inquiries.

We should note The Register has not been able to verify the crooks’ claims. But we tend to agree with VX-Underground, which opined: “BianLian ransomware group needs to be punched in the face.” And while breaking into and extorting a nonprofit whose focus is to make children “healthier, safer and better educated” seems beneath even the most tragic of cyber-criminals, it’s pretty much par for the course with BianLian.

The crew, which has been around since June 2022, has made a name for itself by targeting healthcare and critical infrastructure sectors. 

While BianLian started off as a double-extortion ransomware crew — steal data, encrypt systems, and threaten to leak files and not provide a decryption key unless the victim pays a ransom — earlier this year, they shifted to pure extortion, as before but minus the encryption, according to government and…