Ransomware group BianLian has targeted the non-profit organization Save the Children, drawing sharp criticism from cybersecurity experts and leaders.
During the Save the Children cyber attack, the hackers claimed to have successfully exfiltrated a substantial 6.8 terabytes of data from the international organization, which is dedicated to promoting the well-being of children worldwide.
As of the time of writing, the NGO had not issued a formal announcement or comment regarding the Save the Children cyber attack, leaving the claims unverified.
Founded by Eglantyne Jebb in 1919 in response to the dire conditions faced by children after World War I, Save the Children was established as the Save the Children Fund to raise essential funds for children across war-torn Europe.
With a legacy spanning over a century, the organization operates both in the United States and globally. Their mission remains steadfast: providing children with a healthy start in life, access to education, and safeguarding them from harm.
The Cyber Express has emailed to confirm the Save the Children security incident. We will update this report upon receiving a response.
Save the Children Ransomware Attack
In their post, BianLian provided details about Save the Children, describing it as a prominent nonprofit with approximately 25,000 employees and a presence in 116 countries.
This underscores the seriousness of the Save the Children cyber attack, as it potentially affects the records and information of thousands of employees spanning across more than 100 countries, including sensitive information about the children.
Following the Save the Children cyber attack, BianLian illicitly obtained the following data:
- International email correspondence
- International medical and health data
- International financial data
- Personal data
- Human Resource information
The Save the Children ransomware attack by BianLian allowed hackers to exfiltrate international financial data amounting to over 800GB.
Outrage Against Save the Children Cyber Attack
The cyber attack on Save the Children has sparked strong reactions and criticism from cybersecurity experts across various platforms.
The Threat Intelligence platform Cyber Know responded to the situation with a tweet containing emojis, expressing concern that the BianLian extortion group had posted Save The Children International’s data on their leak site.
The Threat Intelligence service VX-Underground strongly condemned this action. In a tweet, VX-Underground stated, “BianLian ransomware group needs to be punched in the face.”
A journalist from The Register expressed support for this sentiment, clarifying that the publication had not independently confirmed the hackers’ claims. Nevertheless, they concurred with VX-Underground’s perspective.
Cybersecurity Analyst Dominic Alvieri also strongly condemned the ransomware attack on Save the Children, describing it as potentially one of the “the lowest breach ever”.
Save the Children Cyber Attack and BianLian
Save the Children, founded in 1919, has a rich history spanning over a century. Their mission has been to provide vital assistance to children worldwide, including essential support such as food, emergency services, education, and improved healthcare, among a range of other services.
“They appear to have ransomed Save The Children – a 104-year-old non-profit. Most notably they were the first to liberate children from WW2 Nazi Concentration Camps,” VX-Underground tweeted.
In another tweet, VX-Underground brought to light that Save the Children helped feed over 675,000 people during a famine in Russia in 1921. “How will you explain this to your people?,” the VX-Underground added.
BianLian is a financially motivated ransomware group that has been active since June 2022. They have breached over systems in a year mainly targeting the United States, the United Kingdom, and Australia.
The United States Cyber Defense agency CISA issued a joint advisory with the FBI and the Australian Cyber Security Centre warning against BianLian.
The joint advisory was published as part of the #StopRansomware effort.
It urged users to limit the use of Remote Desktop Protocol (RDP) and other remote desktop services and to restrict the use of PowerShell. To further enhance security against the BianLian threat, it asked organizations to update Windows PowerShell Core to the latest versions.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.