iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Infamous ransomware operator BianLian has cryptically boasted about exfiltrating nearly seven terabytes of data from “the world’s leading nonprofit organisation”, according to its darknet leak site.
Unlike many similar gangs, BianLian likes people to play a guessing game to work out who it has targeted. It posts somewhat redacted versions of its victims on its leak site, but there is often enough context to make a strong guess.
In this case, BianLian’s claiming to have 6.8 terabytes of data belonging to:
**** **e ******e* ***e*********
“The world’s leading nonprofit organisation,” BianLian’s leak posts goes on to add, “employing around 25,000 staff and operating in 116 countries”.
It doesn’t take a sleuth to work out the missing letters, nor much research to match those numbers to the more than 100-year-old charity.
“With 25,000 dedicated staff across 116 countries,” Save the Children said on its website, “we respond to major emergencies, deliver innovative development programmes, and ensure children’s voices are heard through our campaigning to build a better future for and with children”.
BianLian said it has information pertaining to human resources, medical information, emails, and more than 800 gigabytes of financial data.
BianLian has not posted how much it hopes to extort for the data or when it will be published.
The ransomware gang – named after a form of traditional Chinese performance – made news this year when it switched its tactics from traditional encryption operations to outright extortion. After a free decryptor for its ransomware was released earlier in 2023, it stopped encrypting its targets, instead exfiltrating data wholesale and threatening to post it online if no payment is received.
“In 2023, FBI observed BianLian shift to primarily exfiltration-based extortion with victims’ systems left intact, and ACSC observed BianLian shift exclusively to exfiltration-based extortion,” a joint advisory read at the time. “BianLian actors warn of financial, business, and legal ramifications if payment is not made.”
And while many ransomware operators say they stay away from certain targets, such as healthcare, religious, and charity organisations, BianLian seems to have no such qualms.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
