BianLian Ransomware Strikes Legend Properties, Exfiltrates 400GB
Incident Date: July 4, 2024
Overview
Victim: Legend Properties, Inc.
Attacker: BianLian
Location:
First Reported: July 4, 2024
Analysis of the BianLian Ransomware Attack on Legend Properties, Inc.
Company Profile: Legend Properties, Inc.
Legend Properties, Inc., established in 1990, is a prominent commercial real estate and brokerage firm operating in eastern and central Pennsylvania, New Jersey, and Delaware. The company specializes in retail leasing, tenant representation, investment sales, and commercial land development. Headquartered in Cherry Hill, New Jersey, Legend Properties stands out in the industry for its comprehensive service offerings and local market expertise. However, its business involves handling substantial amounts of sensitive client and business data, which potentially increases its vulnerability to cyber-attacks.
Details of the Ransomware Attack
The ransomware group BianLian has recently targeted Legend Properties, Inc., claiming to have exfiltrated 400 GB of sensitive data. This data purportedly includes critical business information, accounting records, project details, and personal information from network users’ folders and file servers. The attack was announced on BianLian's dark web leak site, indicating a serious security breach that could have severe financial and reputational consequences for Legend Properties.
Profile of the Ransomware Group: BianLian
BianLian, originally known as a banking trojan, has evolved into a sophisticated ransomware group. The group is known for its global operations, primarily targeting sectors with significant data sensitivity and financial resources. BianLian employs a range of tactics including compromised Remote Desktop Protocol (RDP) credentials, custom backdoors, and extensive use of PowerShell and Windows Command Shell for defense evasion. Their operations have shifted focus from double extortion to primarily exfiltration-based extortion, threatening severe financial and legal repercussions against their victims.
Potential Entry Points and Security Implications
For Legend Properties, the entry point for BianLian could have been compromised RDP credentials, a common attack vector for the group. The real estate sector often relies on remote access tools, which can become vulnerabilities if not properly secured. The extensive amount of sensitive data managed by Legend Properties also makes it an attractive target for ransomware groups like BianLian, which specialize in data exfiltration and extortion.