Florence Cement Hit by BianLian Ransomware, 500GB Data Compromised

Incident Date:

July 31, 2024

Overview

Victim

Florence Cement Company, Inc.

Attacker

BianLian

Location

Shelby Township, Michigan, USA

First Reported

July 31, 2024

Ransomware Attack on Florence Cement Company by BianLian Group

Florence Cement Company, Inc., a long-established road construction contractor based in Southeastern Michigan, has been listed as a victim of the BianLian ransomware group. The listing, discovered on August 1, claims roughly 500GB of company data was taken. Whether or not the figure is accurate, a claim of that size from a group that now relies on leaking stolen data rather than encrypting it puts both operations and reputation at risk.

About Florence Cement Company

Founded in 1966, Florence Cement Company specializes in public and private road construction, offering services such as earth excavation, demolition, sanitary and water systems installation, concrete and asphalt paving, and decorative restoration. With a workforce of approximately 114 employees and annual revenues of around $16.2 million, the company has built a strong reputation for quality workmanship and timely project completion. Their commitment to innovation and sustainability, including the use of recycled concrete paving, sets them apart in the construction industry.

Vulnerabilities and Targeting

No initial access vector has been published for this incident, and nothing on this page identifies a specific weakness in Florence Cement's environment. What can be said is why a firm like this is attractive to an extortion group: as a "turn-key" contractor that handles every phase of a project, the company holds bid documents, engineering drawings, customer and subcontractor contracts, and payroll and HR records in one place, and that concentration of sensitive data is exactly what an exfiltration-based extortion model monetizes. The construction sector's growing reliance on connected project-management and accounting systems, combined with tight project deadlines, also raises the pressure on a victim to pay quickly.

Attack Overview

The BianLian group claimed responsibility for the attack via its dark web leak site, where it listed approximately 500GB of exfiltrated data. The page does not state how the attackers got in, so the attack path should be read as an inference from the group's documented tradecraft rather than a confirmed finding for this victim: BianLian typically gains initial access with valid Remote Desktop Protocol (RDP) credentials and then implants a custom backdoor to maintain access while data is collected and staged for exfiltration.

About BianLian Ransomware Group

The BianLian name first appeared on an Android banking trojan in 2018; the ransomware group that has operated under the same name since mid-2022 has not been publicly linked to those operators, so the two should be treated as distinct until evidence says otherwise. The ransomware group runs a pure extortion business, favouring sectors that hold sensitive data and have the financial capacity to pay. Its tactics, as documented in the joint CISA/FBI advisory AA23-136A, include using PowerShell and the Windows Command Shell to disable antivirus and logging (defense evasion), plus a range of off-the-shelf tools for discovery, lateral movement, collection, exfiltration, and impact. In early 2023 the group largely stopped encrypting files and moved from a double extortion model to primarily exfiltration-based extortion, threatening to publish the stolen data rather than holding systems hostage. This matters for defenders: backups alone no longer neutralize the threat, because the leverage is the data leak, not the outage.

Penetration Methods

BianLian's intrusion chain, per the same advisory, typically runs as follows: initial access with valid RDP credentials (purchased or phished), deployment of a custom backdoor specific to each victim, creation of new local administrator accounts and scheduled tasks for persistence, network discovery with commodity scanners, lateral movement over RDP and PsExec, and exfiltration over FTP, Rclone, or the Mega file-sharing service before the extortion note is delivered. Because every stage uses credentials and tooling that look like legitimate administration, the practical controls are the ones that break this chain early: no RDP exposed to the internet, multi-factor authentication on every remote access path, PowerShell and command-shell activity restricted and logged for non-administrative users, and alerting on unexpected local administrator additions and on large outbound transfers to file-sharing services. The group's willingness to adapt its tooling makes it a persistent threat to organizations across sectors, construction included.
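The tradecraft described in the two sections above (RDP credential abuse, local administrator account creation, and PowerShell used to disable antivirus) can be turned into simple detection logic. The following is an added example written for this page, not code from the original page or from BianLian's own tooling: it scans a constructed list of Windows event records (field names follow the Security and PowerShell/Operational logs, but the records themselves are made up here) and flags each stage of that chain.

```python
"""Detection sketch for a BianLian-style intrusion chain.

Added example, not code from the original page or from BianLian tooling.
Rules, in order of the chain:
  1. RDP logon (Security 4624, logon type 10) from a non-private address,
  2. account added to the built-in Administrators group (Security 4732),
  3. PowerShell disabling Defender protection (PowerShell/Operational 4104).
"""
import ipaddress
import re

# RFC 1918 ranges; anything outside these (and loopback) is treated as external.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Well-known SID of the built-in local Administrators group.
ADMINISTRATORS_SID = "S-1-5-32-544"

# Defence-evasion command-line pattern (illustrative, not an exhaustive signature).
DEFENDER_DISABLE = re.compile(
    r"Set-MpPreference\b.*-Disable(?:RealtimeMonitoring|IOAVProtection|BehaviorMonitoring)",
    re.IGNORECASE)


def is_external(ip: str) -> bool:
    """True when the address is neither loopback nor in an RFC 1918 range."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_loopback or any(addr in net for net in PRIVATE_NETS))


def detect(events):
    """Return (rule, subject, detail) tuples for every record that matches a rule."""
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 4624 and ev.get("LogonType") == 10 and is_external(ev["IpAddress"]):
            findings.append(("external_rdp_logon", ev["TargetUserName"], ev["IpAddress"]))
        elif eid == 4732 and ev.get("TargetSid") == ADMINISTRATORS_SID:
            findings.append(("local_admin_added", ev["SubjectUserName"], ev["MemberName"]))
        elif eid == 4104 and DEFENDER_DISABLE.search(ev.get("ScriptBlockText", "")):
            findings.append(("defender_disabled", ev["User"], ev["ScriptBlockText"]))
    return findings


def chain_complete(findings):
    """True when all three stages were seen: escalate to an incident, not just an alert."""
    seen = {rule for rule, _, _ in findings}
    return {"external_rdp_logon", "local_admin_added", "defender_disabled"} <= seen


# Constructed sample records. A benign internal RDP session and an ordinary
# PowerShell script are mixed in to show that the rules do not fire on them.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup",
     "IpAddress": "203.0.113.7", "WorkstationName": "WIN-EXT"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe",
     "IpAddress": "10.20.5.14", "WorkstationName": "LT-JDOE"},
    {"EventID": 4104, "User": "jdoe",
     "ScriptBlockText": "Get-Process | Sort-Object CPU -Descending | Select-Object -First 5"},
    {"EventID": 4732, "SubjectUserName": "svc_backup", "MemberName": "CN=sysadm2",
     "TargetUserName": "Administrators", "TargetSid": "S-1-5-32-544"},
    {"EventID": 4104, "User": "sysadm2",
     "ScriptBlockText": "Set-MpPreference -DisableRealtimeMonitoring $true"},
]

if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for finding in hits:
        print(finding)
    print("full chain observed:", chain_complete(hits))
```

The rules are deliberately narrow so that each one can be tuned on its own: the RDP rule should be fed by the list of addresses you actually expect remote sessions from, and the `chain_complete` check is what separates a single noisy alert from a sequence worth treating as an active intrusion.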

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.