Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label BianLian. Show all posts

BianLian Ransomware Strikes: US Companies Grapple with Data Breach Fallout


The BianLian ransomware organization is accused of cyberattacking against three major US companies, consisting of large amounts of sensitive data. The victims of the BianLian ransomware attack—Island Transportation Corp., Legend Properties Inc., and Transit Mutual Insurance Corporation of Wisconsin—had their breaches detailed on a dark web forum by the ransomware gang.

This escalation illustrates the growing threat ransomware attacks present against important sectors across the United States.

The Targets

1. Island Transportation Corp.: A heavyweight in the bulk carrier industry, Island Transportation Corp. services the petroleum sector. Unfortunately, they fell victim to the BianLian ransomware attack, compromising a staggering 300 GB of organizational data. Among the exposed information are vital business records, accounting files, project details, and personal data.

2. Legend Properties Inc.: As a well-established commercial real estate and brokerage firm, Legend Properties Inc. found itself in the crosshairs. The attackers gained unauthorized access to 400 GB of sensitive data, including critical business information, accounting records, and personal details.

3. Transit Mutual Insurance Corporation of Wisconsin: A key player in the insurance industry, Transit Mutual Insurance Corporation of Wisconsin suffered a similar fate. The ransomware breach exposed 400 GB of organizational data, encompassing business records, accounting files, project data, and personal information.

The Broader Implications

  • Data Privacy: The compromised data includes personal information, which could lead to identity theft or financial fraud. Companies must prioritize robust data protection mechanisms.
  • Business Continuity: Disruptions caused by ransomware attacks can cripple operations. Organizations need robust backup systems and incident response plans.
  • Industry Vulnerability: No sector is immune. Whether shipping, real estate, or insurance, all must fortify their defenses against cyber threats.

Recommendations

  • Multi-Layered Security: Companies should adopt a multi-layered security approach, including firewalls, intrusion detection systems, and regular security audits.
  • Employee Training: Educate employees about phishing, social engineering, and safe online practices. Human error remains a significant vulnerability.
  • Incident Response Plans: Develop and test incident response plans to minimize damage during an attack.

The situation underscores the growing threat posed by ransomware attacks to critical sectors across the United States. 

While Island Transportation Corp.'s website remains functional, Legend Properties Inc. and Transit Mutual Insurance Corporation of Wisconsin have displayed blocking messages, indicating potential disruptions due to the attack.

A New Ransomware Gang BianLian on a Sudden Rise



BianLian has 20 victims 

A new ransomware gang working under the name BianLian surfaced last year and is actively on the rise since then. The group already has a record of twenty victims across various industries (engineering, medicine, insurance, and law). Most of the victim organizations are based in Australia, the UK, and North America.

Cybersecurity firm Redacted published a report regarding the incident, it hasn't attributed the attack to anyone but believes the threat actor "represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business." 

Redacted firm finds the group 

Unfortunately, the Redacted team of experts has found proof that BianLian is now trying to advance its tactics. In August, the experts noticed that a troubling expansion in the rate by which BianLian was bringing new [CBC] servers online. 

"The BianLian group has developed a custom tool set consisting of a backdoor and an encryptor, developing both using the Go programming language," says the report.

The experts currently lack the insight to know the reason for the sudden increase in growth, it may hint that the hacking group is ready to increase its operational tempo, though whatever may be the reason, there isn't much good that comes from a ransomware operator that has resources readily available to him. 

How does BianLian work?

To get initial access into the victim's network, BianLian generally attacks the SonicWall VPN devices, servers that offer remote network access through solutions like Remote Desktop, ProxyShell vulnerability chain 

Once exploited, they deploy either a webshell or a lightweight remote access solution like ngrok as the follow-on payload. Once inside the victim network, BianLian takes upto six weeks to initiate the encryption process. 

As BianLian in the beginning spreads throughout the network, looking for the most important information to steal and find out the most important machines to encrypt, it appears to take steps to reduce observable incidents, via living of the land (LOL) methods to move horizontally. 

In the past, BianLian has occasionally posted teaser information on victim organizations, leaving the victims identities masked, which may have served as an additional pressure mechanism on the victims in an attempt to have them pay the actors ransom demand, says Redacted report.