
The BianLian ransomware gang claims responsibility for the cyber attack on the non-profit organization and has stolen a ton of files, including what the miscreants claim is financial, health, and medical data.
Active since 2022, BianLian bragged on its website that it had hit an organization that, based on the gang’s description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919.
BianLian added that its victim, “the world’s leading nonprofit,” operates in 116 countries with $2.8 billion in revenues. The group claims to have stolen 6.8TB of data, which they say includes international HR files, personal data, and more than 800GB of financial records. They claim to also have email messages as well as medical and health data. BianLian intends to leak or sell this info if a ransom demand is not met.

“In 2023, FBI observed BianLian shift to primarily exfiltration based extortion with victims’ systems left intact, and ACSC observed BianLian shift exclusively to exfiltration based extortion,” a joint advisory read at the time. “BianLian actors warn of financial, business, and legal ramifications if payment is not made.”
Indicators of Compromise – Based on last FBI Advisory
- 7b15f570a23a5c5ce8ff942da60834a9d0549ea3ea9f34f900 a09331325df893
- 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b 75050da22e8e43
- c1eb11de3a533689267ba075e49d93d55308525c04d6aff 0d2c54d1f52f5500
- 40126ae71b857dd22db39611c25d3d5dd0e60316b72830e 930fba9baf23973ce