BianLian Ransomware Strikes First Choice Sales & Marketing Group
Incident Date:
September 24, 2024
Overview
Title
BianLian Ransomware Strikes First Choice Sales & Marketing Group
Victim
First Choice Sales & Marketing Group (First Choice)
Attacker
Bianlian
Location
First Reported
September 24, 2024
BianLian Ransomware Attack on First Choice Sales & Marketing Group
First Choice Sales & Marketing Group, a prominent player in the consumer products management sector, has recently been targeted by the notorious ransomware group BianLian. This attack highlights the vulnerabilities faced by companies operating in the business services sector, particularly those handling sensitive consumer product information.
Company Profile and Industry Standing
Established in 1987 and headquartered in Memphis, Tennessee, First Choice Sales & Marketing Group is a manufacturers' representative agency specializing in marketing and sales solutions across various retail channels. The company is renowned for its expertise in the health and beauty products industry, offering services such as sales presentations, business insights, order management, and competitive shop analysis. With a leadership team boasting over 300 years of collective experience, First Choice is distinguished by its strategic approach to brand management and strong industry relationships.
Attack Overview
The ransomware attack was discovered on September 25, when BianLian exfiltrated approximately 140GB of sensitive data from First Choice. The compromised data includes accounting records, financial and contract information of clients, and workflows with major partners like Walmart. This breach underscores the significant risk posed by ransomware attacks to organizations handling extensive consumer product information.
BianLian Ransomware Group
BianLian is a sophisticated ransomware group known for its evolution from a banking trojan to advanced ransomware operations. The group has a global reach, with a particular focus on sectors with sensitive data, such as healthcare, manufacturing, and professional services. BianLian distinguishes itself through its exfiltration-based extortion tactics, threatening victims with financial and reputational damage if ransoms are not paid.
Potential Vulnerabilities and Penetration Tactics
First Choice's extensive handling of sensitive data and its reliance on digital infrastructure may have made it an attractive target for BianLian. The group typically gains initial access through compromised Remote Desktop Protocol credentials, using custom backdoors and various tools for lateral movement and data exfiltration. This attack serves as a stark reminder of the importance of effective cybersecurity measures in protecting sensitive business information.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.