Hunter Dickinson Inc. Hit by BianLian Ransomware Attack

Incident Date: September 10, 2024

Overview

Title: Hunter Dickinson Inc. Hit by BianLian Ransomware Attack

Victim: Hunter Dickinson Inc. (HDI)

Attacker: BianLian

Location: Vancouver, Canada

First Reported: September 10, 2024

Ransomware Attack on Hunter Dickinson Inc. by BianLian Group

Hunter Dickinson Inc. (HDI), a prominent global mining company based in Vancouver, Canada, has recently fallen victim to a ransomware attack orchestrated by the notorious BianLian group. The attack has compromised approximately 9.5 TB of sensitive data, significantly impacting the company's operations and reputation.

About Hunter Dickinson Inc.

Founded in 1985, HDI is a diversified mining group with over 30 years of experience in mineral development. The company specializes in acquiring, developing, and managing mineral properties, focusing on delivering superior returns to shareholders. HDI operates as a private entity, providing management, technical, financial, and administrative services to a portfolio of mineral companies and properties. The company is known for its technical expertise and commitment to responsible mineral development, collaborating with stakeholders to ensure sustainable practices.

Attack Overview

The ransomware attack by BianLian has compromised a wide array of critical information, including data from multiple affiliated companies, comprehensive financial records, human resources data, and information pertaining to partners and vendors. Additionally, the attack exposed engineering data, records of incidents and injuries, litigation documents, and restricted data. Geological data and information related to projects and business operations in regions such as Africa, CIS countries, the EU, Brazil, and China were also compromised. The stolen data further includes details on mining fields for minerals, graphite, silver, gold, and other materials, as well as mailboxes and internal and external email correspondence, and various databases.

About the BianLian Ransomware Group

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses and organizations globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group has gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanted custom backdoors specific to each victim, used PowerShell and Windows Command Shell for defense evasion, and employed various tools for discovery, lateral movement, collection, exfiltration, and impact.

Penetration and Impact

BianLian's attack on HDI underscores the vulnerabilities that even well-established companies face. The group's tactics, including exfiltration of sensitive data and extortion, have led to significant financial and reputational consequences for HDI. The attack highlights the importance of advanced cybersecurity measures to protect against sophisticated ransomware groups like BianLian.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.