This article is more than 1 year old

UK arm of international charity the Salvation Army hit by ransomware attack

Christian org becomes latest victim of latter-day IT scourge

Exclusive Criminals infected the Salvation Army in the UK with ransomware and siphoned the organisation's data, The Register has learned.

A Salvation Army spokesperson confirmed the evangelical Christian church and charity was compromised, and said it alerted regulators in the UK. She told us:

“We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the Information Commissioner’s Office, are also in dialogue with our key partners and staff and are working to notify any other relevant third parties.”

She continued: “We can also confirm that our services for the vulnerable people who depend on us are not impacted and continue as normal.”

The Salvation Army refused to give any further information, such as the identity of the criminal attackers, or the volume and type of data accessed by them. To date, nothing has emerged on known ransomware gang sites.

Sally Army staff and volunteers should keep a close eye on bank statements for mysterious transactions, and for correspondence suggesting new accounts have been opened with financial service providers. Ransomware gangs typically resell stolen information to other criminals for further exploitation.

Jake Moore, a cyber security specialist with Slovakian antivirus firm ESET, told The Register: “It is vital that those who could be at risk are equipped with the knowledge of how to mitigate further attacks. The first few days and weeks after a breach are the most important, as criminals will be quick to take advantage of the situation and strike while they still can.”

Sources told The Reg that the Salvation Army first became aware of the attack around a month ago, and that it affected a London data centre used by the organisation.

“Those who may believe they have had their details taken ... must contact their banks to add extra fraud protection and to be on guard for extra attempts such as unsolicited calls or emails phishing for extra information,” added ESET’s Moore.

Other infosec industry sources suggested that the Conti or Pysa ransomware gangs might have been behind the attacks. Conti was the strain of ransomware deployed by the WizardSpider gang, who perpetrated the Irish Health Service attack, which came within a whisker of paralysing Irish hospitals as staff were forced to fall back to paper-based processes from the pre-computer era.

Pysa, meanwhile, has been seen targeting schools and other such “soft underbelly” targets — and was also the criminal crew behind the Hackney Council hack late last year.

An ICO spokesperson confirmed the Salvation Army had reported an incident to it and told us: “People have the right to expect that organisations will handle their personal information securely and responsibly. If an individual has concerns about how their data has been handled, they should raise it with the organisation first, then report them to us if they are not satisfied with the response.”

The Charity Commission told us: “In line with our guidance, the charity has submitted a serious incident report in relation to this matter. We are currently assessing this information and cannot comment further at this time.”

If you would like to contact The Register about this story, here is how. ®
