Ransomware Attack Disrupts Promises2Kids Nonprofit Operations

Incident Date: August 16, 2024

Overview

Victim: Promises2Kids

Attacker: Qilin

Location: San Diego, California, USA

First Reported: August 16, 2024

Ransomware Attack on Promises2Kids by Qilin Group

Promises2Kids, a prominent nonprofit organization based in San Diego, California, has recently fallen victim to a ransomware attack orchestrated by the Qilin ransomware group. The breach, discovered on August 19, 2024, has compromised the organization's operations and potentially sensitive data, raising significant concerns about the security of nonprofit organizations.

About Promises2Kids

Promises2Kids is dedicated to supporting foster youth and former foster children, providing them with the necessary tools, opportunities, and guidance to overcome their past challenges. The organization serves over 3,300 current and former foster youth annually through various programs, including the Guardian Scholars program, Polinsky Children's Center, Camp Connect, Something Special Fund, and the Birthday Club. These initiatives are crucial in helping foster youth transition into healthy, successful adults.

Despite its impactful work, Promises2Kids faces challenges in meeting the demand for its services due to limited resources. The organization relies heavily on community donations and volunteer support, with a small team of paid staff and around 200 volunteers facilitating its activities.

Attack Overview

The ransomware attack on Promises2Kids was claimed by the Qilin ransomware group via their dark web leak site. The breach has disrupted the organization's operations, potentially exposing sensitive data related to the foster youth and programs it supports. The exact method of penetration remains unclear, but it is likely that the attackers exploited vulnerabilities in the organization's cybersecurity infrastructure.

About the Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. First appearing in October 2022, Qilin has targeted various sectors, including healthcare, automotive, and government agencies. The group is known for its advanced tactics, such as data exfiltration and double extortion, to pressure victims into paying ransoms.

Qilin distinguishes itself through its adaptability and cross-platform capabilities, symbolized by its name, which references a mythical Chinese creature. The group has been particularly active in the healthcare sector, causing significant disruptions to hospitals and medical services. In June 2024, Qilin was suspected of launching a ransomware attack against Synnovis, a pathology services firm in London, leading to a critical incident at several hospitals.

Potential Vulnerabilities

Nonprofit organizations like Promises2Kids are often vulnerable to ransomware attacks due to limited resources for advanced cybersecurity measures. The reliance on community donations and volunteer support can result in less investment in security infrastructure, making them attractive targets for threat actors like the Qilin group. Ensuring the protection of sensitive data and maintaining operational continuity are critical challenges for such organizations.
