Ransomware Attack on Texas Infectious Disease Center by BianLian Group
Incident Date:
August 14, 2024
Overview
Title
Ransomware Attack on Texas Infectious Disease Center by BianLian Group
Victim
Texas Centers for Infectious Disease Associates
Attacker
Bianlian
Location
First Reported
August 14, 2024
Ransomware Attack on Texas Centers for Infectious Disease Associates by BianLian Group
Texas Centers for Infectious Disease Associates (TCIDA), a healthcare organization specializing in the diagnosis, treatment, and management of infectious diseases, recently fell victim to a ransomware attack orchestrated by the BianLian group. The cybercriminals claim to have infiltrated the organization's systems, exfiltrating a substantial 300 GB of sensitive data.
About Texas Centers for Infectious Disease Associates
Founded in 1997 by Dr. Daniel Barbaro, TCIDA operates out of Fort Worth, Texas, and is recognized for its comprehensive approach to infectious diseases. The organization provides specialized services, including the distribution of vaccines for COVID-19 and Monkeypox, particularly targeting high-risk patients. TCIDA employs a team of experienced healthcare professionals, including infectious disease specialists, nurses, and support staff, who work collaboratively to provide high-quality care. The center focuses on both outpatient and inpatient services, ensuring continuous care throughout the treatment journey.
Attack Overview
The ransomware attack on TCIDA was claimed by the BianLian group via their dark web leak site. The compromised information reportedly includes accounting records, medical and personal data, personal folders of network users, files from the president's computer, and data from the fileserver. This breach highlights the vulnerabilities in TCIDA's cybersecurity measures, making them a target for sophisticated ransomware groups.
About the BianLian Ransomware Group
BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses, governmental organizations, healthcare facilities, and educational institutions globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim, using PowerShell and Windows Command Shell for defense evasion, and employing various tools for discovery, lateral movement, collection, exfiltration, and impact.
Penetration and Impact
BianLian's tactics have evolved to include exfiltration of sensitive data, leading to significant financial and reputational consequences for compromised organizations. The group's shift towards exfiltration-based extortion and its global reach underscore the evolving threat landscape posed by ransomware groups. In the case of TCIDA, the attack has exposed critical vulnerabilities in their cybersecurity infrastructure, emphasizing the need for enhanced security measures to protect sensitive healthcare data.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.