BianLian Ransomware Strikes Legend Properties, Exfiltrates 400GB

Incident Date: July 4, 2024

Overview

Victim: Legend Properties, Inc.

Attacker: BianLian

Location: Conshohocken, USA; Pennsylvania, USA

First Reported: July 4, 2024

Analysis of the BianLian Ransomware Attack on Legend Properties, Inc.

Company Profile: Legend Properties, Inc.

Legend Properties, Inc., established in 1990, is a prominent commercial real estate and brokerage firm operating in eastern and central Pennsylvania, New Jersey, and Delaware. The company specializes in retail leasing, tenant representation, investment sales, and commercial land development. With its headquarters in Cherry Hill, New Jersey, Legend Properties stands out in the industry due to its comprehensive service offerings and local market expertise. However, its business involves handling substantial amounts of sensitive client and business data, which potentially increases its exposure to cyber-attacks.

Details of the Ransomware Attack

The ransomware group BianLian has recently targeted Legend Properties, Inc., claiming to have exfiltrated 400 GB of sensitive data. This data purportedly includes critical business information, accounting records, project details, and personal information from network users’ folders and file servers. The attack was announced on BianLian's dark web leak site, indicating a serious security breach that could have severe financial and reputational consequences for Legend Properties.

Profile of the Ransomware Group: BianLian

BianLian, originally known as a banking trojan, has evolved into a sophisticated ransomware group. The group is known for its global operations, primarily targeting sectors with significant data sensitivity and financial resources. BianLian employs a range of tactics including compromised Remote Desktop Protocol (RDP) credentials, custom backdoors, and extensive use of PowerShell and Windows Command Shell for defense evasion. Their operations have shifted focus from double extortion to primarily exfiltration-based extortion, threatening severe financial and legal repercussions against their victims.

Potential Entry Points and Security Implications

For Legend Properties, BianLian's entry point could have been compromised RDP credentials, a common attack vector for the group. The real estate sector often relies on remote access tools, which can become vulnerabilities if not properly secured. The extensive amount of sensitive data managed by Legend Properties also makes it an attractive target for ransomware groups like BianLian, which specialize in data exfiltration and extortion.
