BianLian Ransomware Hits Western Supplies Inc Impacting Operations
Incident Date: September 5, 2024
Overview
Title: BianLian Ransomware Hits Western Supplies Inc Impacting Operations
Victim: Western Supplies, Inc
Attacker: BianLian
Location:
First Reported: September 5, 2024
Ransomware Attack on Western Supplies, Inc. by BianLian Group
Western Supplies, Inc., a prominent supplier in the pipeline industry, has recently fallen victim to a ransomware attack orchestrated by the notorious BianLian group. This attack has significant implications for the company's operations and reputation, given its critical role in the construction sector.
Company Overview
Established in 1970 and headquartered in Iowa Park, Texas, Western Supplies, Inc. specializes in providing a wide array of products and services tailored to the pipeline sector. The company offers both sales and rental options for essential pipeline equipment, including boring machines, augers, sandblasting equipment, and various testing tools. With a workforce of 11 to 50 employees, Western Supplies generates an estimated annual revenue ranging from $1 million to $5 million. The company is renowned for its exceptional customer service and high-quality products, making it a trusted partner in the industry.
Attack Overview
The BianLian ransomware group has claimed responsibility for the attack on Western Supplies via their dark web leak site. The attack has compromised the company's operations, potentially affecting its ability to serve its extensive client base. Given Western Supplies' reputation and operational efficiency, the breach could have significant repercussions on its standing in the industry.
About BianLian Ransomware Group
BianLian is a rapidly evolving ransomware group that emerged in 2022. Initially appearing as an Android banking trojan in 2019, the group has transformed into a sophisticated ransomware operation known for its adaptability and diverse attack strategies. The name "BianLian" refers to the traditional Chinese art of "face-changing," symbolizing the group's ability to shift tactics fluidly. BianLian employs a multi-stage attack methodology, often beginning with initial access through compromised Remote Desktop Protocol (RDP) credentials, phishing, or exploiting vulnerabilities like ProxyShell.
Penetration and Vulnerabilities
BianLian's attack on Western Supplies likely involved gaining initial access via stolen RDP credentials or phishing. Once inside the network, the group uses custom backdoors, primarily written in Go, to maintain persistence and control over the compromised systems. They utilize PowerShell and Windows Command Shell to disable antivirus tools and evade detection, gathering intelligence about the victim's network to enable further exploitation. The shift from a double-extortion model to a pure data exfiltration model reflects BianLian's evolving tactics, focusing on stealing data and threatening to release it to compel victims to pay.