bianlian attacks Berg Kaprow Lewis

Incident Date:

October 4, 2022

World map



bianlian attacks Berg Kaprow Lewis


Berg Kaprow Lewis




, United Kingdom

London, United Kingdom

First Reported

October 4, 2022

BianLian Ransomware Attack on BKL

BianLian, a top 10 ransomware group according to leak site data, has claimed responsibility for an attack on BKL, a prominent business services company in the United Kingdom. BKL specializes in accountancy, tax, and business advisory services, with a significant emphasis on cybersecurity, offering consultancy services aimed at bolstering businesses' defenses against cyber threats.

Since its emergence in 2022, BianLian has predominantly targeted the healthcare and manufacturing sectors, significantly impacting organizations across the United States and Europe. The group has recently transitioned from employing a double extortion scheme to a strategy focused on extortion without encryption, opting to directly steal data to coerce victims into paying ransoms.

The susceptibility of BKL to this attack underscores the heightened risk faced by industries that manage high-value data, such as healthcare and finance. These sectors are particularly vulnerable due to the severe financial and reputational repercussions that can arise from data breaches. BianLian's adoption of double extortion tactics, which involve encrypting files and threatening to leak stolen data, exacerbates the dilemma for victims, compelling them to comply with ransom demands.

This incident serves as a stark reminder of the critical need for robust cybersecurity measures, especially within the business services sector where sensitive information is frequently processed. To mitigate the risk of ransomware attacks, companies are advised to maintain up-to-date security protocols, regularly update their systems, and provide comprehensive cybersecurity training to their employees.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.