Ransomware Attack on Critchfield and Johnston by BianLian
Incident Date:
May 23, 2024
Overview
Title
Ransomware Attack on Critchfield and Johnston by BianLian
Victim
Critchfield and Johnston
Attacker
Bianlian
Location
First Reported
May 23, 2024
Ransomware Attack on Critchfield and Johnston by BianLian
Victim Overview
Critchfield and Johnston, a law firm based in Akron, Ohio, specializing in business law, real estate, and litigation, recently fell victim to a ransomware attack by the sophisticated group BianLian. The firm, operating since 1950, boasts a team of experienced attorneys providing legal services to clients in Ohio and surrounding states. With a revenue of $9.8 million, Critchfield and Johnston is considered a standout in the legal industry for its expertise in business law and real estate transactions.
Attack Details
The cyberattack compromised 4.7 TB of sensitive data, including financial records, HR data, incidents and case files, court and litigation data, exhibits, personal identifiable information (PII), personal health information (PHI), internal and external email correspondence, and various databases. Data from the Heartland Title Agency's corporate network was also affected, posing serious risks to the firm's clients and internal operations.
Ransomware Group BianLian
BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses globally. The group focuses on sectors with sensitive data and financial capacity, including legal services, among others. BianLian gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim, and employing various tools for discovery, lateral movement, and exfiltration.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.