Ransomware Attack on Preferred IT Group by BianLian Compromises 122GB Data

Incident Date: July 12, 2024


Overview

Title: Ransomware Attack on Preferred IT Group by BianLian Compromises 122GB Data
Victim: Preferred IT Group
Attacker: BianLian
Location: Fort Wayne, USA; Indiana, USA
First Reported: July 12, 2024

Ransomware Attack on Preferred IT Group by BianLian

Overview of Preferred IT Group

Preferred IT Group, LLC, based in Fort Wayne, Indiana, is a comprehensive technology solutions provider established in 2005. The company specializes in delivering IT services and support to medium-sized businesses, local governments, and educational institutions across Indiana, Michigan, and Ohio. Known for its proactive management of IT systems, quick response times, and customer-centric approach, Preferred IT Group stands out in the industry for its commitment to clear communication and tailored service packages.

Details of the Attack

The ransomware group BianLian has claimed responsibility for a significant attack on Preferred IT Group. The breach compromised 122 GB of sensitive data, including databases, technical data, business correspondence, confidential customer information, and email and message archives. This attack has put a vast amount of critical business and client data at risk, severely impacting the company's operations and client privacy.

About BianLian

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses and organizations globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group is known for its exfiltration-based extortion tactics, threatening victims with financial, business, and legal consequences if payment is not made.

Penetration Tactics

BianLian typically gains initial access through compromised Remote Desktop Protocol (RDP) credentials. They implant custom backdoors specific to each victim, using PowerShell and Windows Command Shell for defense evasion. The group employs various tools for discovery, lateral movement, collection, exfiltration, and impact, making them a formidable threat to organizations with sensitive data.

Vulnerabilities and Impact

Preferred IT Group's extensive handling of sensitive client data and its role as a technology solutions provider made it a prime target for BianLian. The breach has highlighted vulnerabilities in the company's cybersecurity measures, emphasizing the need for robust defenses against sophisticated ransomware groups. The attack has not only jeopardized the company's operations but also the privacy and security of its clients' data.
