Ransomware Attack on Payne & Jones by BianLian Ransomware Group
Incident Date:
May 26, 2024
Overview
Title
Ransomware Attack on Payne & Jones by BianLian Ransomware Group
Victim
Payne and Jones
Attacker
Bianlian
Location
First Reported
May 26, 2024
Ransomware Attack on Payne & Jones by BianLian Ransomware Group
Victim Overview
Payne & Jones, a law firm with a revenue of $7.2 million, specializes in providing legal services in areas such as business law, real estate law, estate planning, and civil litigation. The firm is based in the United States, primarily serving the Greater Kansas City Area. Payne & Jones, Chartered, has a long history dating back to 1926 and is known for its tradition of excellence and strong reputation in the Kansas City area.
Company Profile
Payne & Jones, Chartered is a law firm that provides legal services in various areas, including business, estate, family, and litigation. The firm has a diverse practice group that represents businesses across various industries and has handled business matters all over the country.
Standout Features
Payne & Jones, Chartered stands out in the industry due to its diverse practice group that caters to businesses in various sectors. The firm's tradition of excellence and strong reputation in the Kansas City area make it a trusted legal partner for many clients.
Company Vulnerabilities
Being a law firm dealing with sensitive legal information, Payne & Jones is vulnerable to cyber threats, especially ransomware attacks. The firm's extensive data, including finance records, HR information, legal documents, and clients' personally identifiable information, makes it an attractive target for threat actors seeking to extort sensitive data for financial gain.
Attack Details
The BianLian ransomware group targeted Payne & Jones in a recent attack, extracting 1.65 TB of critical data from the firm's systems. The compromised data includes finance records, HR information, legal documents, clients' personally identifiable information, and extensive email correspondence. This breach poses significant financial and reputational risks to the firm.
Ransomware Group Overview
BianLian is a sophisticated ransomware group known for targeting businesses, governmental organizations, healthcare facilities, and educational institutions globally. The group has evolved from a banking trojan to advanced ransomware operations, emphasizing extortion-based strategies and exfiltration of sensitive data to threaten victims into making payments.
Penetration Tactics
BianLian gains initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim, and using various tools for discovery, lateral movement, and data exfiltration. The group's tactics include defense evasion using PowerShell and Windows Command Shell, making them difficult to detect and mitigate.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.