Ransomware Attack on Wind Composite Services Group, LLC by BianLian
Incident Date: May 26, 2024
Overview
Victim: Wind Composite Services Group, LLC
Attacker: BianLian
Location:
First Reported: May 26, 2024
Victim Overview
Wind Composite Services Group, LLC (WindCom) is a leading provider of wind blade services in North America. With 153 employees and a revenue of $31.3 million, WindCom specializes in wind turbine maintenance and repair services. The company stands out in the industry due to its technical competence, global presence, and extensive database of blade data.
Attack Overview
WindCom has fallen victim to a ransomware attack by the BianLian ransomware group. The attackers managed to exfiltrate 412 GB of sensitive data from WindCom's systems. The stolen data includes finance records, HR information, business data, engineering documents, incident reports, and email correspondence, posing a significant threat to the company's operations and security.
Ransomware Group: BianLian
BianLian is a sophisticated ransomware group known for targeting businesses, governmental organizations, healthcare facilities, and educational institutions globally. The group has evolved from a banking trojan to advanced ransomware operations, emphasizing extortion-based strategies. BianLian distinguishes itself through its exfiltration-based extortion tactics and global reach, with a focus on sectors like healthcare, manufacturing, and legal services.
Penetration and Vulnerabilities
BianLian likely penetrated WindCom's systems through compromised Remote Desktop Protocol (RDP) credentials. The group implants custom backdoors for each victim and uses PowerShell and Windows Command Shell for defense evasion. WindCom's extensive database of blade data and sensitive business information made it an attractive target for threat actors seeking financial gain through data exfiltration and extortion.