bianlian attacks International Custom Controls
Incident Date:
August 29, 2022
Overview
Title
bianlian attacks International Custom Controls
Victim
International Custom Controls
Attacker
Bianlian
Location
First Reported
August 29, 2022
International Custom Controls Suffers Ransomware Attack
International Custom Controls (ICC), a company that provides complete turnkey controls and fabricated systems, has been targeted by the ransomware group Bianlian. The attack was announced on the group's dark web leak site, and the victim's website is currently under scrutiny. ICC operates in the Manufacturing sector and is renowned for offering a comprehensive suite of solutions aimed at reducing the cost and risk associated with the controls package.
The specific size of ICC is not detailed in available search results, yet the company has previously reported significant financial impacts from ransomware attacks. For example, Johnson Controls, a peer in the industrial controls sector, disclosed a $27 million loss due to a ransomware attack in 2023.
While the exact vulnerabilities exploited by threat actors in the ICC attack are not disclosed, the company's broad spectrum of solutions may present a wider attack surface relative to firms with more focused offerings. This diversity could render them a more appealing target for ransomware groups such as Bianlian.
Bianlian's notoriety stems from its destructive malware, marketed as a service to clients who then orchestrate ransomware attacks, seizing victims' data for ransom. Despite being targeted by a global law enforcement crackdown, the group has signaled intentions to regroup and resume its activities.
In light of such ransomware attacks, organizations are encouraged to implement preventive measures including maintaining backups, employing application allowlisting, and validating security controls. Reporting ransomware incidents to local FBI Field Offices or CISA's 24/7 Operations Center is also advised for affected entities.
Sources
- NPR. (2024, February 20). Global law enforcement effort cracks down on LockBit ransomware group. Retrieved April 10, 2024, from https://www.npr.org/2024/02/20/1232698867/global-law-enforcement-effort-cracks-down-on-lockbit-ransomware-group
- CISA. (2023, June 14). Understanding Ransomware Threat Actors: LockBit. Retrieved April 10, 2024, from https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a
- Cybersecurity Dive. (2024, January 31). Johnson Controls reports $27M hit from ransomware attack. Retrieved April 10, 2024, from https://www.cybersecuritydive.com/news/johnson-controls-ransomware-costs/706149/
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.