Hunter Dickinson Inc. Hit by Major BianLian Ransomware Attack

Incident Date: September 19, 2024

Overview

Title: Hunter Dickinson Inc. Hit by Major BianLian Ransomware Attack

Victim: Hunter Dickinson Inc.

Attacker: BianLian

Location: Vancouver, Canada

First Reported: September 19, 2024

Ransomware Attack on Hunter Dickinson Inc. by BianLian

Hunter Dickinson Inc. (HDI), a prominent private mining group based in Vancouver, Canada, has recently fallen victim to a ransomware attack orchestrated by the notorious hacking group BianLian. The attack has resulted in the exfiltration of 9.5 TB of sensitive data, significantly impacting the company's operations and reputation.

About Hunter Dickinson Inc.

Established in 1985, HDI specializes in acquiring, developing, and operating mineral properties. The company is known for its strategic approach to mineral exploration and development, encompassing the entire lifecycle from initial acquisition to mine operations. HDI has been involved in numerous successful mining ventures across various continents, focusing on precious and base metals. The firm employs approximately 60 people and reported annual revenue of $36.7 million.

Attack Overview

The ransomware group BianLian claims to have exfiltrated a wide array of sensitive information from HDI, including data from multiple affiliated companies, financial records, human resources data, and information pertaining to partners and vendors. Additionally, engineering data, incident and injury reports, litigation documents, restricted data, geological data, and mining field data from various regions were compromised. The breach also extended to mailboxes, email correspondence, and databases, indicating a significant and comprehensive data exfiltration.

About BianLian

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses and organizations globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanted custom backdoors specific to each victim, and employed various tools for discovery, lateral movement, collection, exfiltration, and impact.

Penetration and Impact

BianLian's tactics include exfiltration of sensitive data, leading to significant financial and reputational consequences for compromised organizations. The group's shift towards exfiltration-based extortion underscores the evolving threat landscape posed by ransomware groups. HDI's extensive network and global operations made it a lucrative target for BianLian, which capitalized on potential vulnerabilities in the company's cybersecurity measures.
