BianLian Ransomware Compromises 3TB of Data at Dordt University

Incident Date:

June 13, 2024

World map

Overview

Title

BianLian Ransomware Compromises 3TB of Data at Dordt University

Victim

Dordt University

Attacker

Bianlian

Location

Sioux Center, USA

Iowa, USA

First Reported

June 13, 2024

BianLian Ransomware Attack on Dordt University

Overview of Dordt University

Dordt University, a private Christian liberal arts institution in Sioux Center, Iowa, is renowned for its integration of faith and learning. Founded in 1955 and affiliated with the Christian Reformed Church, the university offers a wide range of undergraduate and graduate programs. With a strong emphasis on community and spiritual development, Dordt University aims to prepare students for a life of service across various vocations.

Details of the Attack

The ransomware group BianLian has claimed responsibility for a cyberattack on Dordt University. The attack has resulted in the compromise of approximately 3 terabytes of sensitive data, significantly impacting the institution and its stakeholders. The university, which has a revenue of $36.2 million, now faces severe repercussions due to this data breach.

About BianLian Ransomware Group

BianLian is a sophisticated ransomware group known for its evolution from a banking trojan to advanced ransomware operations. The group employs extortion-based strategies, often gaining initial access through compromised Remote Desktop Protocol (RDP) credentials. BianLian has a global reach, with a significant focus on North America and Europe, particularly targeting sectors with sensitive data and financial capacity.

Penetration and Impact

BianLian's tactics include the use of custom backdoors, PowerShell, and Windows Command Shell for defense evasion. The group has shifted from a double extortion model to primarily exfiltration-based extortion, threatening victims with financial, business, and legal consequences if payment is not made. The attack on Dordt University underscores the vulnerabilities educational institutions face, particularly those with substantial data and financial resources.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.