Cybercriminal group BianLian has claimed responsibility for a significant ransomware attack on a major nonprofit, widely believed to be Save the Children International. This renowned NGO, which operates in 116 countries, has $2.8 billion in revenues and employs around 25,000 people, has allegedly had 6.8 TB of data stolen, including financial records, international HR files, personal data, and medical information.
While the full extent of the breach is under investigation, the criminals are threatening to leak or sell the data if a ransom is not paid. This audacious attack highlights the urgency of bolstering remote-desktop security in organizations to prevent such incidents in the future.
BianLian, active since June 2022, has built a reputation for targeting the healthcare and critical infrastructure sectors. Initially known for double-extortion ransomware attacks, they have transitioned to pure extortion, omitting encryption but still demanding ransoms. These attackers employ the Go programming language to evade endpoint protection tools, making them a formidable threat.
In May, US and Australian law enforcement and cybersecurity agencies issued a joint warning, advising organizations to restrict the use of remote desktop services to mitigate the risk of BianLian infections and extortion attempts.
While the exact method of the breach remains unknown, this incident serves as a stark reminder for organizations to review and reinforce their remote-desktop security measures, adhering to guidance from cybersecurity authorities.
In response to this breach, Save the Children International is working diligently with external specialists to assess the extent of the incident and secure its systems. Despite the unfortunate reality of such attacks, organizations must remain vigilant and proactive to protect their sensitive data from malicious actors.