Bethany Lutheran Church Named as a Victim by Qilin Ransomware Group

• Qilin Ransomware Group named a church in Wisconsin as its victim.
• Bethany Lutheran Church was added to the dark web portal on February 14.
• No samples were posted by the group as a proof of the claim.

The Qilin ransomware group claimed that they breached a church in the south of Grantsburg, Wisconsin. The ransomware group added the name of Bethany Lutheran Church on its dark web portal on Friday. 

Threat Intelligence platform Falcon Feeds posted about the ransomware group's claim on X. The dark web post by Qilin named the church and an introduction about it offering Sunday school and other educational programs. 

The dark web claim was posted on February 14 with no other details like samples of data or photos. It is likely that they have made their ransom demand and are waiting for a reply from the contacted members of the church.

We approached the church with the threat intelligence details and asked for a response. We will update this report after receiving a reply.

Churches are a soft target for ransomware groups. Their systems store details of church members but may not have adequate security tools installed. Besides the fear of data loss and extortion, churches like other organizations are subject to data regulations.

Ransomware groups use advanced technology to evade detection while exfiltrating data. 

In an interview with TechNadu, Halcyon Director of Research and Communications, Anthony M. Freed mentioned that Qilin harvests VPN credentials from Google Chrome browsers. 

Freed also noted that Qilin exploits vulnerabilities in applications such as Remote Desktop Protocols. With these details about attackers, victims can reach out to cybersecurity companies that offer solutions to gain access to their systems back. 

To prevent threat and further damage, it is important for churches to have cybersecurity solutions and IT management systems in place.