Ransomware Attack on BK&A by BianLian Group Exposes 1.4TB of Sensitive Data

Incident Date: August 14, 2024


Overview

Victim: Benson Kearley IFG

Attacker: BianLian

Location: Newmarket, Canada

First Reported: August 14, 2024

Ransomware Attack on Benson Kearley IFG by BianLian Group

Benson, Kearley & Associates Insurance Brokers Ltd. (BK&A), a prominent insurance brokerage firm, recently fell victim to a ransomware attack orchestrated by the BianLian group. The cybercriminals claim to have exfiltrated 1.4 TB of sensitive data, including customer data banks, medical, business, auto, and cyber insurance policies, passports and IDs, confidential company paperwork, operational data, audit data, business files, accounting data, HR folders, file server data, and network users' folders.

Company Profile

Established in 1969, BK&A is headquartered in Newmarket, Ontario, with additional offices in Mississauga and Markham. The company specializes in a comprehensive range of insurance and financial services, serving both personal and commercial clients. BK&A is recognized for its strategic growth through acquisitions, particularly under the leadership of CEO Stephen Kearley. The firm employs around 89 individuals and generates an annual revenue of approximately $20.9 million.

What Makes BK&A Stand Out

BK&A is known for its customer-centric approach, offering tailored insurance solutions to meet the diverse needs of its clients. The company leverages partnerships with various insurance companies to provide more options and better coverage. This focus on customer service, combined with a strategic growth plan, has allowed BK&A to maintain a competitive edge in the insurance industry.

Attack Overview

On August 12, BK&A disclosed the cybersecurity incident, acknowledging its impact on the company's operations and on some customer information. In response, the company took immediate steps to secure its network, including taking many systems offline as a precaution. It also engaged third-party cybersecurity experts and external legal counsel to investigate the breach and oversee the response. BK&A has begun notifying affected customers and is working to identify those whose information may have been compromised.

About BianLian Group

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses, governmental organizations, healthcare facilities, and educational institutions globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim.

Penetration Tactics

BianLian employs various tools for discovery, lateral movement, collection, exfiltration, and impact. The group has shifted from a double extortion model to primarily exfiltration-based extortion, threatening victims with financial, business, and legal consequences if payment is not made. This shift underscores the evolving threat landscape posed by ransomware groups like BianLian.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.