Meli Non-Profit Hit by Qilin Ransomware: 215GB of Data Stolen
Incident Date:
August 25, 2024
Overview
Title
Meli Non-Profit Hit by Qilin Ransomware: 215GB of Data Stolen
Victim
Meli (BCYF & Bethany)
Attacker
Qilin
Location
First Reported
August 25, 2024
Qilin Ransomware Group Targets Meli (BCYF & Bethany) in Significant Cyber Attack
Meli, a prominent non-profit organization formed from the merger of Barwon Child, Youth & Family (BCYF) and Bethany Community Support, has recently fallen victim to a ransomware attack orchestrated by the Qilin group. This attack has raised significant concerns about the security of sensitive data within non-profit organizations.
About Meli
Meli operates in the Barwon region of Victoria, Australia, providing a comprehensive range of community support services. With a workforce of over 750 staff members, Meli is the largest provider of kindergarten programs in the region, operating 30 kindergartens. The organization also offers foster and kinship care, family services, youth services, disability services, and emergency relief and financial counseling. Meli's commitment to social justice, equality, and community support makes it a vital entity in the region.
Attack Overview
The Qilin ransomware group has claimed responsibility for the attack on Meli via their dark web leak site. The group alleges the theft of 419,617 files, amounting to 215 gigabytes of data, which includes financial statements, confidentiality agreements, and personal identification documents. Meli detected the breach and promptly initiated measures to secure its systems, engaging forensic specialists and cybersecurity advisors. While client services remain unaffected, some internal processes have been disrupted, necessitating a temporary shift to manual operations.
About the Qilin Ransomware Group
The Qilin ransomware group, also known as Agenda, is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. The group first appeared in October 2022 and has since targeted various organizations, including healthcare providers, automotive companies, and government agencies. Qilin uses advanced tactics such as data exfiltration and double extortion to pressure victims into paying ransoms. The group is known for its adaptability and cross-platform capabilities, symbolized by its name derived from the mythical Chinese creature.
Potential Vulnerabilities
Non-profit organizations like Meli are often targeted by ransomware groups due to their extensive databases of sensitive information and potentially lower investment in cybersecurity measures compared to for-profit entities. The Qilin group could have penetrated Meli's systems through various means, including phishing attacks, exploiting unpatched vulnerabilities, or leveraging weak password policies. The attack on Meli underscores the importance of comprehensive cybersecurity measures, even for organizations dedicated to community support and social services.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.