Salvation Army Hit by Ransomware Attack

The UK arm of the Salvation Army has been hit by a ransomware attack, it has been reported.

The Christian charity is thought to be negotiating with the attackers over the siphoned data.

The Register reported that the Salvation Army first noticed the attack around a month ago, which is believed to have affected a London data center used by the charity.

Speaking to The Register, a Salvation Army spokesperson confirmed the attack took place and that the Information Commissioners Office (ICO) has been informed: “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the ICO, are also in dialogue with our key partners and staff and are working to notify any other relevant third parties.”

Thankfully, the charity said that none of its services for vulnerable people had been affected.

There is currently no further information about the incident, such as the attackers' identity or the data accessed. Additionally, no data has appeared on any known ransomware gang sites.

However, Salvation Army staff and volunteers have been advised to keep a close watch for any unusual banking activity from their accounts or suspicious communication they receive.

The attack is the latest in a long line of ransomware incidents that have taken place this year. Prominent examples include the attack on Colonial Pipeline, which led to the largest fuel pipeline in the US being taken offline for five days and on meat processing giant JBS, who reportedly paid the attackers an $11m ransom.

The latest attack has further demonstrated that no organization is safe when it comes to ransomware and must be prepared to face attacks at any time. Keith Glancey, systems engineering manager at Infoblox, commented: “This latest attack on the UK arm of the Salvation Army shows that ransomware is growing in sophistication and that actors are getting bolder. No organization is off-limits, even those in the charity sector.

"When it comes to ransomware, the only truly effective approach is prevention. If an unprotected system gets attacked, there is no way to guarantee the retrieval or decryption of data. Mitigating risk before an attack can happen is the most effective defense an organization can have. Security solutions – such as those that leverage DNS – that can interrupt the malware's attempt to connect to the command-and-control server, as well as frequent and robust backups, are key. All organizations - regardless of size or sector - should expect ransomware attacks and prepare accordingly.”

Oz Alashe, CEO and founder at CybSafe, added: “Sadly, this latest incident is just one of a spate of ransomware attacks to have occurred over recent months. Schoolshealthcare services and charities such as the Salvation Army are being increasingly targeted by malicious actors who view them as soft targets.

“Given the growing frequency of these attacks, it’s never been more important for organizations and individuals to take the necessary measures to protect themselves online. We need to move beyond basic awareness training and more seriously consider the human aspect of cybersecurity.

“As these attacks become more sophisticated, they also become more personalized, and therefore an approach towards cybersecurity must mirror this if organizations and individuals are to successfully fend off such threats.”

What’s Hot on Infosecurity Magazine?