BianLian Ransomware Hits Western Supplies Inc Impacting Operations

Incident Date: September 5, 2024

Overview

Victim: Western Supplies, Inc.

Attacker: BianLian

Location: Iowa Park, Texas, USA

First Reported: September 5, 2024

Ransomware Attack on Western Supplies, Inc. by BianLian Group

Western Supplies, Inc., a prominent supplier in the pipeline industry, has recently fallen victim to a ransomware attack orchestrated by the notorious BianLian group. This attack has significant implications for the company's operations and reputation, given its critical role in the construction sector.

Company Overview

Established in 1970 and headquartered in Iowa Park, Texas, Western Supplies, Inc. specializes in providing a wide array of products and services tailored to the pipeline sector. The company offers both sales and rental options for essential pipeline equipment, including boring machines, augers, sandblasting equipment, and various testing tools. With a workforce of 11 to 50 employees, Western Supplies generates an estimated annual revenue ranging from $1 million to $5 million. The company is renowned for its exceptional customer service and high-quality products, making it a trusted partner in the industry.

Attack Overview

The BianLian ransomware group has claimed responsibility for the attack on Western Supplies via their dark web leak site. The attack has compromised the company's operations, potentially affecting its ability to serve its extensive client base. Given Western Supplies' reputation and operational efficiency, the breach could have significant repercussions on its standing in the industry.

About BianLian Ransomware Group

BianLian is a rapidly evolving ransomware group that emerged in 2022. Initially appearing as an Android banking trojan in 2019, the group has transformed into a sophisticated ransomware operation known for its adaptability and diverse attack strategies. The name "BianLian" refers to the traditional Chinese art of "face-changing," symbolizing the group's ability to shift tactics fluidly. BianLian employs a multi-stage attack methodology, often beginning with initial access through compromised Remote Desktop Protocol (RDP) credentials, phishing, or exploiting vulnerabilities like ProxyShell.

Penetration and Vulnerabilities

BianLian's attack on Western Supplies likely involved gaining initial access via stolen RDP credentials or phishing. Once inside the network, the group uses custom backdoors, primarily written in Go, to maintain persistence and control over the compromised systems. They utilize PowerShell and Windows Command Shell to disable antivirus tools and evade detection, gathering intelligence about the victim's network to enable further exploitation. The shift from a double-extortion model to a pure data exfiltration model reflects BianLian's evolving tactics, focusing on stealing data and threatening to release it to compel victims to pay.
