Ransomware Attack on Critchfield and Johnston by BianLian

Incident Date: May 23, 2024

Overview

Title: Ransomware Attack on Critchfield and Johnston by BianLian
Victim: Critchfield and Johnston
Attacker: BianLian
Location: Wooster, USA; Ohio, USA
First Reported: May 23, 2024

Victim Overview

Critchfield and Johnston, a law firm based in Akron, Ohio, specializing in business law, real estate, and litigation, recently fell victim to a ransomware attack by the sophisticated group BianLian. The firm, operating since 1950, boasts a team of experienced attorneys providing legal services to clients in Ohio and surrounding states. With a revenue of $9.8 million, Critchfield and Johnston is considered a standout in the legal industry for its expertise in business law and real estate transactions.

Attack Details

The cyberattack compromised 4.7 TB of sensitive data, including financial records, HR data, incident and case files, court and litigation data, exhibits, personally identifiable information (PII), personal health information (PHI), internal and external email correspondence, and various databases. Data from the Heartland Title Agency's corporate network was also affected, posing serious risks to the firm's clients and internal operations.

Ransomware Group BianLian

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses globally. The group focuses on sectors with sensitive data and financial capacity, including legal services, among others. BianLian gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanted custom backdoors specific to each victim, and employed various tools for discovery, lateral movement, and exfiltration.
