Ransomware Attack on Texas Infectious Disease Center by BianLian Group

Incident Date:

August 14, 2024

Overview

Title

Ransomware Attack on Texas Infectious Disease Center by BianLian Group

Victim

Texas Centers for Infectious Disease Associates

Attacker

BianLian

Location

Fort Worth, USA

Texas, USA

First Reported

August 14, 2024

Ransomware Attack on Texas Centers for Infectious Disease Associates by BianLian Group

Texas Centers for Infectious Disease Associates (TCIDA), a healthcare organization specializing in the diagnosis, treatment, and management of infectious diseases, recently fell victim to a ransomware attack orchestrated by the BianLian group. The cybercriminals claim to have infiltrated the organization's systems, exfiltrating a substantial 300 GB of sensitive data.

About Texas Centers for Infectious Disease Associates

Founded in 1997 by Dr. Daniel Barbaro, TCIDA operates out of Fort Worth, Texas, and is recognized for its comprehensive approach to infectious diseases. The organization provides specialized services, including the distribution of vaccines for COVID-19 and Monkeypox, particularly targeting high-risk patients. TCIDA employs a team of experienced healthcare professionals, including infectious disease specialists, nurses, and support staff, who work collaboratively to provide high-quality care. The center focuses on both outpatient and inpatient services, ensuring continuous care throughout the treatment journey.

Attack Overview

The ransomware attack on TCIDA was claimed by the BianLian group via their dark web leak site. The compromised information reportedly includes accounting records, medical and personal data, personal folders of network users, files from the president's computer, and data from the file server. The breach exposes weaknesses in TCIDA's cybersecurity measures of the kind that make healthcare providers attractive targets for sophisticated ransomware groups.

About the BianLian Ransomware Group

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses, governmental organizations, healthcare facilities, and educational institutions globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group has gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanted custom backdoors specific to each victim, used PowerShell and the Windows Command Shell for defense evasion, and employed various tools for discovery, lateral movement, collection, exfiltration, and impact.
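The initial-access technique named above, RDP logons with valid but stolen credentials, leaves a narrow but useful detection surface: on Windows, a successful RDP session is recorded as Security event 4624 with LogonType 10 (RemoteInteractive), and the record carries the client source address. The script below is an added example written for this page; it is not code from the RRA site or from any party involved in the incident. It scans a set of constructed 4624 records and flags RDP logons that arrive from outside the organisation's own address ranges or from a source address never seen before for that account. The address ranges, the per-account baseline and the event records are all constructed for illustration.

```python
"""
Detection sketch for RDP logons with valid credentials (Windows Security
event 4624, LogonType 10 = RemoteInteractive).  Added example, not code from
the page or the tracked parties; all data below is constructed.
"""
import ipaddress
from collections import defaultdict

RDP_LOGON_TYPE = 10  # RemoteInteractive: console session over RDP
SUCCESSFUL_LOGON = 4624

# Constructed: address ranges the organisation treats as internal / VPN.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed: source addresses each account has previously been seen from.
BASELINE = {
    "jdoe": {"10.0.5.23"},
    "svc-backup": {"10.0.9.4"},
}

# Constructed records modelled on the fields of a Windows 4624 event.
EVENTS = [
    {"time": "2024-08-14T02:11:09", "event_id": 4624, "logon_type": 10,
     "account": "jdoe", "src_ip": "10.0.5.23"},
    {"time": "2024-08-14T02:13:51", "event_id": 4624, "logon_type": 10,
     "account": "jdoe", "src_ip": "203.0.113.77"},
    {"time": "2024-08-14T02:14:02", "event_id": 4624, "logon_type": 3,
     "account": "svc-backup", "src_ip": "203.0.113.77"},
    {"time": "2024-08-14T02:20:40", "event_id": 4624, "logon_type": 10,
     "account": "svc-backup", "src_ip": "10.0.77.8"},
]


def is_internal(ip, internal_nets=INTERNAL_NETS):
    """True if the address falls inside one of the organisation's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in internal_nets)


def rdp_logon_alerts(events, baseline, internal_nets=INTERNAL_NETS):
    """Return one alert per RDP logon that is external or new for its account.

    The baseline is copied so repeated runs over the same events are
    deterministic; a real deployment would persist the learned sources.
    """
    seen = defaultdict(set, {acct: set(ips) for acct, ips in baseline.items()})
    alerts = []
    for ev in events:
        # Only successful RemoteInteractive logons are in scope here;
        # network logons (type 3) and others are handled by other rules.
        if ev["event_id"] != SUCCESSFUL_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        reasons = []
        if not is_internal(ev["src_ip"], internal_nets):
            reasons.append("external source")
        if ev["src_ip"] not in seen[ev["account"]]:
            reasons.append("new source for account")
        seen[ev["account"]].add(ev["src_ip"])  # learn it so later repeats are quiet
        if reasons:
            alerts.append({"time": ev["time"], "account": ev["account"],
                           "src_ip": ev["src_ip"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in rdp_logon_alerts(EVENTS, BASELINE):
        print(f'{alert["time"]} {alert["account"]:<12} from {alert["src_ip"]:<15} '
              f'-> {", ".join(alert["reasons"])}')
```

Two of the four constructed records trip the rule: the `jdoe` session from 203.0.113.77 (external and never seen for that account) and the `svc-backup` session from 10.0.77.8 (internal, but a new source for a service account that should not be logging on interactively at all). The type-3 network logon from the external address is deliberately ignored by this rule; in practice it would be correlated separately, since the same external source appearing in both an RDP and a network logon within a minute is itself worth a look.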

Penetration and Impact

BianLian's tactics have evolved to include exfiltration of sensitive data, leading to significant financial and reputational consequences for compromised organizations. The group's shift towards exfiltration-based extortion and its global reach underscore the evolving threat landscape posed by ransomware groups. In the case of TCIDA, the attack has exposed critical vulnerabilities in their cybersecurity infrastructure, emphasizing the need for enhanced security measures to protect sensitive healthcare data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.