Recently, the non-profit organization Promiss2kids, which supports children in San Diego, California, USA, became a victim of QILIN, a group specializing in the distribution of ransomware. The hackers said that they had gained access to the organization's confidential information and threatened to disclose it publicly if a ransom was not paid.
QILIN, also known as Agenda, is known for its attacks on various organizations, including medical institutions and large companies. In this case, the group used a double extortion strategy: in addition to encrypting data, the hackers threaten to publish stolen information, which significantly increases the pressure on the victim.
QILIN operates under the Ransomware-as-a-Service (RaaS) model, recruiting third-party affiliates to spread the malware and splitting the ransom with them. The attackers most likely used phishing for the initial compromise of the system and then deployed spyware to monitor and control infected devices.
The attack on Promiss2kids is especially cynical, given that the organization helps children who have survived violence and neglect. It has caused public indignation and underscores the immorality of cybercriminals who choose such vulnerable targets.
The leadership of Promiss2kids has already turned to cybersecurity specialists for help and is cooperating with law enforcement agencies to investigate the incident. At the same time, the organization tried to minimize the consequences of the attack, but it is not yet clear whether it managed to prevent a data leak.
In addition to the attack on Promiss2kids, QILIN representatives announced the simultaneous hacking of four more organizations, among them:
- Hiesmayr Haustechnik – an Austrian company working in building engineering systems and plumbing, providing comprehensive solutions for the construction and modernization of buildings.
- Central College Jounieh – an educational institution in Lebanon offering a wide range of educational programs for students of various ages.
- on365 Ltd – a British company specializing in IT services, including the management and support of data center infrastructure.
- Municipality of Jaboatão dos Guararapes – a municipality in Brazil responsible for managing local administrative and public services for residents of the region.
These attacks indicate the targeted actions