lockbit2 attacks ymcad

Incident Date: March 12, 2022

Overview

Title: lockbit2 attacks ymcad
Victim: ymcad
Attacker: Lockbit2
Location: London, United Kingdom; Derby, United Kingdom
First Reported: March 12, 2022

YMCA Derbyshire: A Non-Profit Targeted by Lockbit2 Ransomware

YMCA Derbyshire, a non-profit organization that supports individuals and communities in Derby and Derbyshire, has been targeted by the ransomware group Lockbit2. The organization, which has been in operation since 1847, focuses on key areas of work including Health and Wellbeing, Support and Advice, Family and Youth Work, Training and Education, and Housing.

YMCA Derbyshire serves more than 40 communities and employs over 2000 people, with a turnover of $70m a year. The organization's services include gymnastics classes, swimming lessons, camping, out-of-school-hour centres, and youth and community services. Despite its size and the critical nature of its services, YMCA Derbyshire had not considered itself a likely target for cyber attacks, given the assumption that not-for-profit organizations are less vulnerable.

The Lockbit2 ransomware attack on YMCA Derbyshire is not the first such incident in the YMCA network. In 2019, YMCA NSW, another YMCA organization, was hit with a ransomware attack that encrypted its operating system. The attack forced the organization to close its doors, affecting around 15,000 families in NSW.

The YMCA NSW incident serves as a reminder of the importance of robust cybersecurity measures, even for organizations that may not perceive themselves as high-risk targets. The YMCA NSW response involved a quick decision by the board not to pay the ransom, rebuilding systems from scratch, and restoring services using a cloud-based solution.

The Lockbit2 ransomware group has claimed responsibility for the attack on YMCA Derbyshire via their dark web leak site. The victim's website is http://www.ymcaderbyshire.org.uk/.
