The Salvation Army in the UK was Infected with Ransomware


The Register has uncovered that criminals infected the Salvation Army in the United Kingdom with ransomware and stole the organization's data. A spokeswoman for the Salvation Army confirmed that the evangelical Christian church and charity had been hacked and that it had notified UK regulators. 

She said, “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the Information Commissioner’s Office, are also in dialogue with our key partners and staff, and are working to notify any other relevant third parties. We can also confirm that our services for the vulnerable people who depend on us are not impacted and continue as normal.” 

There is currently no other information concerning the event, such as the identity of the attackers or the material that was accessed. Furthermore, no data has been found on any known ransomware gang websites. Salvation Army workers and volunteers, on the other hand, have been instructed to keep a tight eye on their accounts for any unusual banking activity or suspicious contact. 

Jake Moore, a cybersecurity specialist with Slovakian antivirus firm ESET, told The Register: “It is vital that those who could be at risk are equipped with the knowledge of how to mitigate further attacks. The first few days and weeks after a breach are the most important, as criminals will be quick to take advantage of the situation and strike while they still can.”

 “Those who may believe they have had their details taken must contact their banks to add extra fraud protection and to be on guard for extra attempts such as unsolicited calls or emails phishing for extra information,” added ESET’s Moore. 

Other information security industry sources speculated that the attacks were carried either by the Conti or Pysa ransomware gangs. Conti was the ransomware strain used by the WizardSpider gang in the Irish Health Service attack, which came dangerously close to paralyzing Irish hospitals as employees were forced to revert to pre-computer era paper-based systems. Pysa, meanwhile, has been detected targeting schools and other “soft underbelly” targets, like the Hackney Council breach late last year. 

The current ransomware attack has shown that no organization is immune to ransomware and that it must be prepared to confront attacks at any time. Keith Glancey, systems engineering manager at Infoblox, commented: “This latest attack on the UK arm of the Salvation Army shows that ransomware is growing in sophistication and that actors are getting bolder. No organization is off-limits, even those in the charity sector.”