Ransomware hits The Big Issue. Qilin group leaks confidential data

The Qilin ransomware group has targeted The Big Issue, a street newspaper sold by the homeless and vulnerable.

As The Record reports, a post on Qilin's dark web leak site claimed the gang has stolen 550 GB of confidential data from the periodical's parent company.

Qilin has published photographs of what seems to be the driving license and salary details of Big Issue Group CEO Paul Cheal to validate their claims.

In addition, the CEO of Big Issue's social impact investment division, Danyal Sattar, appears to have had his banking and passport details leaked.

Another screenshot shared by the group appears to show files containing staff passport scans, spreadsheets with employee data, including full names, email and home addresses, and banking information.

In a statement shared with the media, Big Issue Group confirmed that it had suffered a cyber attack - but made no mention of whether it had received a ransom demand or if it would be prepared to pay its extortionists:

"Last week, the Big Issue Group experienced a cyber incident. On becoming aware of this, we took immediate steps to restrict access to our systems, working with external IT security experts, and the investigation into the incident is ongoing. Thanks to the proactive steps taken, we have been able to begin restoring our systems and are operating with limited disruption."

The world's most widely-circulated street newspaper confirmed that some of its data had been posted to the dark web and that it was working with external cybersecurity experts, law enforcement, and regulators.

Perhaps most pertinently for those who like to support vendors of The Big Issue, the newspaper says the cyber attack has not impacted publication and distribution.

Qillin (which has also been known as Agenda) is a ransomware-as-a-service operation.  First discovered in August 2022, Qillin is known for targeting organisations with ransomware written in Rust and Go.

Qillin works with affiliates to infect, encrypt, and exfiltrate data from organizations. Victims receive a ransom demand stating that their stolen information will be leaked if they do not pay for a decryption key.

Past victims of Qilin ransomware attacks include automotive parts giant Yanfeng and court services in Australia.