Global non-government organization Save The Children International has confirmed it was hit with a ransomware attack after the BianLian ransomware group listed the charity organization, which is dedicated to promoting the well-being of children worldwide, on its data leak website.
The group claimed to have stolen 6.8 terabytes of data from the nonprofit, including email correspondence, medical and health data, financial data personal data, and Human Resource information.
The organization’s spokesperson told Recorded Future News that the ransomware attack had not affected the charity’s operations and that the investigation is still ongoing.
“This process is complex and takes time, but remains our absolute priority. Our systems are also secured, and we are confident in the ongoing integrity of our IT infrastructure. These types of incidents are a reality that all organizations face, but it is disappointing that Save the Children, whose core purpose is to help those most in need, is also subject to such unwarranted activity,” the spokesperson said.
The BianLian ransomware (not to be confused with the same-name Android malware) first emerged in August 2022 and is known to target manufacturing, education, healthcare, professional services, energy, banking, financial services, and insurance (BFSI), and the entertainment industry.
Earlier this year, the US and Australian cybersecurity agencies released a joint security advisory detailing the tactics, techniques, and procedures (TTPs) of the BianLian ransomware operation. While in the past the group engaged in double extortion tactics, starting January 2023, the threat actor has changed its attack methods focusing exclusively on exfiltration-based extortion.