Save the Children Hit by BianLian Data Extortion Gang


September 12, 2023

World map

Data extortion gang BianLian announced they attacked a global non-profit organization and exfiltrated sensitive information including financial, health, and medical data.

That organization is likely the Save the Children Fund, more commonly known as Save the Children, an international NGO that helps improve the lives of impoverished children worldwide.

“BianLian bragged on its website it had hit an organization that, based on the gang's description of its unnamed victim, looks to be Save The Children International. The NGO, which employs about 25,000 people, says it has helped more than a billion kids since it was founded in 1919,” The Register reported.

“BianLian added that its victim, "the world's leading nonprofit," operates in 116 countries with $2.8 billion in revenues. The extortionists claim to have stolen 6.8TB of data, which they say includes international HR files, personal data, and more than 800GB of financial records. They claim to also have email messages as well as medical and health data.”

Takeaway: Whether it’s exposing clinical photographs of breast cancer patients or disrupting out a multi-state regional healthcare provider, data extortion and ransomware groups have shown time and time again that there is no line they will not cross for profit, even if it hurts the most vulnerable in society.

The BianLian ransomware gang first emerged in the summer of 2022, and successfully attacked several high-profile organizations. They engaged in double extortion, where they exfiltrated victim data prior to delivering the encryption payload, with the intent to use the data as additional leverage to compel the victim to pay the ransom demand.

The tactic was so successful, when a free decryption tool for the BianLian ransomware was released, BianLian decided not to abandon the ransomware payload stage of the attacks and focus on data exfiltration and extortion alone.

The fact that they don’t hit victims with ransomware anymore does not make BianLian any less of a threat to organizations and given they may have just attacked one of the world’s biggest and most impactful charities, it is safe to say no organization is safe from this threat.

Ransomware is a financially motivated crime. They want the money at any cost - and if they can reduce the resources required to be successful, they will. Attackers always consider ROI in their operations, so if ransomware groups can achieve their goals by simplifying the attack and still achieve the same results, they will.

While the absence of a ransomware payload means the charity’s networks are likely up and running, the attack still has the potential to be extremely damaging to operations, will result in an expensive remediation process, and will likely be damaging to the organization’s reputation and ability to raise funds.

Again, ransomware and data extortion attacks are financially motivated, and these threat actors simply don’t care who they hurt in the process, even if it’s the most vulnerable among us – children living in abject poverty. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.