A German charity that develops sustainable food supplies in impoverished countries has been attacked by a ransomware gang. The charity, Deutsche Welthungerhilfe (WHH), which translates as World Hunger Help, reached 16.4 million people in 2023. It is currently providing emergency aid to people in Gaza, Ukraine, Sudan, and other countries in need. A spokesperson confirmed that WHH had been targeted by a ransomware-as-a-service group known as Rhysida. The Rhysida cyber gang has broken into the systems of Welthungerhilfe and has copied a large amount of data.
The cybercriminals are attempting to sell data stolen from the charity for a total of twenty bitcoin. This is the equivalent of around $2.1 million, a significant sum for the non-profit aid organization. The charity has publicly stated that it will not be making an extortion payment to the criminals. The affected systems were shut down immediately after the intrusion was detected by the organization’s IT staff.
External IT experts who specialize in these types of cases were called in to assist with the response.
It is not clear whether the charity’s computer networks have also been encrypted in addition to the data theft. The following personal data could potentially be impacted: names, addresses, dates of birth, email addresses, and phone numbers. In some cases, supporters’ bank account details and donation amounts could be exposed to the ransomware group. However, it is not possible to determine the exact group of affected persons whose data has been leaked. WHH has informed the relevant data protection authority and has also consulted with its data protection officer.
The charity stressed it was continuing its work in its project countries completely unchanged by this incident.
It continues to stand by the side of the people who need its support during many humanitarian crises. The RaaS group Rhysida, which is extorting WHH, was previously responsible for attacks on multiple different hospitals. This includes The Ann & Robert H. Lurie Children’s Hospital of Chicago and hospitals run by Prospect Medical Holdings. Last year, the group also attempted to extort the disability nonprofit organization Easterseals, showing a pattern of behavior.
Reference:
