Ransomware Attack on Payne & Jones by BianLian Ransomware Group

Incident Date: May 26, 2024

Overview

Victim: Payne and Jones

Attacker: BianLian

Location: Overland Park, USA; Kansas, USA

First Reported: May 26, 2024

Victim Overview

Payne & Jones, a law firm with a revenue of $7.2 million, specializes in providing legal services in areas such as business law, real estate law, estate planning, and civil litigation. The firm is based in the United States, primarily serving the Greater Kansas City Area. Payne & Jones, Chartered, has a long history dating back to 1926 and is known for its tradition of excellence and strong reputation in the Kansas City area.

Company Profile

Payne & Jones, Chartered is a law firm that provides legal services in various areas, including business, estate, family, and litigation. The firm has a diverse practice group that represents businesses across various industries and has handled business matters all over the country.

Standout Features

Payne & Jones, Chartered stands out in the industry due to its diverse practice group that caters to businesses in various sectors. The firm's tradition of excellence and strong reputation in the Kansas City area make it a trusted legal partner for many clients.

Company Vulnerabilities

As a law firm handling sensitive legal information, Payne & Jones is vulnerable to cyber threats, especially ransomware attacks. The firm's extensive data, including finance records, HR information, legal documents, and clients' personally identifiable information, makes it an attractive target for threat actors who steal sensitive data and use it to extort victims for financial gain.

Attack Details

The BianLian ransomware group targeted Payne & Jones in a recent attack, exfiltrating 1.65 TB of critical data from the firm's systems. The compromised data includes finance records, HR information, legal documents, clients' personally identifiable information, and extensive email correspondence. This breach poses significant financial and reputational risks to the firm.

Ransomware Group Overview

BianLian is a sophisticated ransomware group known for targeting businesses, governmental organizations, healthcare facilities, and educational institutions globally. The group has evolved from a banking trojan to advanced ransomware operations, emphasizing extortion-based strategies and exfiltration of sensitive data to threaten victims into making payments.

Penetration Tactics

BianLian gains initial access through compromised Remote Desktop Protocol (RDP) credentials, then implants custom backdoors specific to each victim and uses various tools for discovery, lateral movement, and data exfiltration. The group uses PowerShell and Windows Command Shell for defense evasion, which makes its activity difficult to detect and mitigate.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.