German charity refuses to comply with Bitcoin ransomware demand — hackers attempt to extort hunger-fighting group for over $2 million
The group says they won't pay

Here's the regularly scheduled reminder that no amount of stock imagery featuring shadowy figures in black hoodies and Guy Fawkes masks can make cybercriminals seem cool: A ransomware-as-a-service group is reportedly looking to sell information stolen from Welthungerhilfe, or "World Hunger Help," in exchange for 20 bitcoin.
The Record today reports that the ransomware group "recently listed the charity on its darknet leak site" and that "although it is not clear whether WHH’s computer networks have also been encrypted," the German nonprofit has said "it would not be making an extortion payment to the criminals behind the attack."
CoinMarketCap puts the value of 20 bitcoin at roughly $2.1 million at the time of writing. That would be easy for some companies to pay—Mark Zuckerberg has reportedly offered more than $100 million per year to work on Meta's various AI projects—but it's almost comically despicable to demand that much from a nonprofit like WHH.
This is how WHH describes its work on its website:
"In 2023 alone, WHH supported about 16.4 million people with its 630 overseas projects in 36 countries. In real terms, that means: Many people now harvest more and can therefore improve their diets. They now have clean drinking water or toilets at home, which leaves them less susceptible to illness. Others are earning or producing more and can begin an education. For the children, WHH's support means a chance of improved physical and mental development."
Now the organization has to respond to a ransomware incident (and, mea culpa, the media coverage that comes with it) instead of focusing on its mission. This isn't some teenagers demanding that Nvidia make its graphics drivers open source; it's a potential impediment to WHH's efforts to help millions of people live better lives.
But that's a trend for this group: The Record reported that it "was previously responsible for attacks on multiple hospitals — including The Ann & Robert H. Lurie Children’s Hospital of Chicago and hospitals run by Prospect Medical Holdings — and last year also attempted to extort the disability nonprofit Easterseals."

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.
Dr3ams
For personal hardware, I recommend making images of your OS and data on an external drive. Only connect it to your computer to upgrade or install the image. If someone tries to extort you by bricking your system, just give them the finger, then format and load the saved image.
jamminonline
Dr3ams said: "For personal hardware, I recommend making images of your OS and data on an external drive. Only connect it to your computer to upgrade or install the image. If someone tries to extort you by bricking your system, just give them the finger, then format and load the saved image."
So, that isn't really the issue with these ransomware attacks, they aren't typically concerned with individual machines. The issue is, they find their way into a privileged account, and have free roam of the major architecture of the organization, since most enterprise/business suites are cloud based now with things like 365, or Google Workspace, or Zoho etc. They'll do things like delete permissions, encrypt data, as well as steal it all. They will shut off access to critical business services like email, social media accounts, financial applications, client data etc. They make it so you cannot conduct business until you have managed to get your service providers to undo all the damage that has been done, which can still result in months of losses when they finally can roll back to a safe version.
Even if you reflash a workstation, it'll be locked out by your own security controls, and that workstation isn't even important in the grand scheme of things to begin with.
USAFRet
Dr3ams said: "For personal hardware, I recommend making images of your OS and data on an external drive. Only connect it to your computer to upgrade or install the image. If someone tries to extort you by bricking your system, just give them the finger, then format and load the saved image."
It's not just personal hardware, corporate hardware as well.
circadia
3en88 said: "The WHH, like all charities without exception, is a criminal organization operated by people who are more despicable and way more predatory than the ransomware hackers who, in this case, are doing good work."
okay, any proof that all charities in general are operated by those people?
and, surely there must be good ones as well?
if not, how do we help people in lesser conditions?
Joomsy
circadia said: "okay, any proof that all charities in general are operated by those people?
and, surely there must be good ones as well?
if not, how do we help people in lesser conditions?"
Shhh, conspiracy theories require you to relinquish all critical thought. You're poopin' in the punch bowl.
Anyway, good on them for not paying. That's why RaaS exists to the degree that it does; companies willfully paying bad actors all to preserve their image. I share the sentiment that those who do pay should be met with some kind of federal reprimand. If they didn't make it so lucrative, it wouldn't be so prevalent, and they're the core enabler of the business model. That's just capitalism 101, and you'd think corporations would understand that. But no, shareholder perception matters much more than the public's, even if it means a compromised company holds information that can be used to hurt the public. There's no honor amongst thieves, though, and absolutely nothing stops them from releasing a data hoard regardless of payment.
DS426
3en88 said:
"The WHH, like all charities without exception, is a criminal organization operated by people who are more despicable and way more predatory than the ransomware hackers who, in this case, are doing good work."
ORLY? And what is the good work that the hackers are doing? If you are talking about finding and releasing evidence of fraud, abuse, etc. by one or more staffers, that might be considered a moral justification if it was posted online for free in order to hold those offenders accountable. Asking for $2 million or otherwise it'll be sold... that's just the usual financially-motivated e-crime system at work. Well they would "just" be thieves, but what are thieves that effectively rob from the poor and inflicted?
There are a lot of small charities where almost every penny directly benefits those in need. People that volunteer hours of their time every day at little or no pay to help someone else in need. Maybe you should volunteer your time doing something good rather than making statements of inverted morality.
USAFRet
OK...this has gone way too far out of bounds.
Thanks to all who contributed.
But, closing this.