Ransomware Breach: BianLian Hits Anniversary Holding Company

Incident Date: August 9, 2024


Overview

Title: Ransomware Breach: BianLian Hits Anniversary Holding Company
Victim: Anniversary Holding Company
Attacker: BianLian
Location: Lafayette, Louisiana, USA
First Reported: August 9, 2024

Ransomware Attack on Anniversary Holding Company by BianLian

On August 12, 2024, Anniversary Holding Company, LLC, a prominent investment holding company based in Lafayette, Louisiana, fell victim to a ransomware attack orchestrated by the notorious BianLian group. The attack resulted in a significant data breach, compromising approximately 2.9 terabytes of sensitive information.

About Anniversary Holding Company

Established in 2009 and incorporated in Texas, Anniversary Holding Company operates primarily as an investment holding company. It is classified under "Offices of Holding Companies, NEC," indicating its role in managing investments rather than engaging directly in production or service delivery. The company focuses on a selective portfolio of investments, providing strategic guidance, operational support, and financial resources to its subsidiaries. Despite its significant role in the investment landscape, specific details about its operations and financial metrics are not extensively disclosed.

Attack Overview

The ransomware attack led to the exfiltration of a wide range of critical information, including financial records, human resources data, and information from four of AHCLA's related companies. The breach also affected data pertaining to partners, vendors, and customers, including personally identifiable information (PII) and protected health information (PHI) such as injury reports and medical records. Additionally, the attackers accessed mailboxes and internal and external email correspondence, as well as various databases.

About BianLian

BianLian is a sophisticated ransomware group known for its evolution from a banking trojan to advanced ransomware operations. The group employs extortion-based strategies, initially gaining access through compromised Remote Desktop Protocol (RDP) credentials. BianLian uses custom backdoors, PowerShell, and Windows Command Shell for defense evasion, and various tools for discovery, lateral movement, collection, exfiltration, and impact. The group has a global reach, with a higher concentration of attacks in North America and Europe, particularly targeting sectors with sensitive data and financial capacity.
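The initial-access technique named above, compromised RDP credentials, leaves a concrete trace in the Windows Security log: a successful logon (Event ID 4624) with LogonType 10 (RemoteInteractive). The following is an added example, not code from the original page, from the tracker site, or from any BianLian tooling. It runs simple detection logic over a constructed, simplified set of 4624/4625 records and flags successful RDP logons whose source address is outside an assumed allowlist or whose time falls outside assumed business hours, attaching the count of prior failed RDP attempts from the same source as analyst context. The allowlist, the business-hours window and the sample records are all assumptions made for the example.

```python
import ipaddress
from datetime import datetime

# LogonType 10 = RemoteInteractive, i.e. an RDP session, in Event IDs 4624 (success) and 4625 (failure).
RDP_LOGON_TYPE = 10

# Constructed sample records (not from the incident), reduced to the fields the check needs.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe",
     "IpAddress": "10.0.5.23", "TimeCreated": "2024-08-09T09:14:02"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup",
     "IpAddress": "203.0.113.45", "TimeCreated": "2024-08-09T02:41:17"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "jdoe",
     "IpAddress": "10.0.5.23", "TimeCreated": "2024-08-09T09:15:00"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "admin",
     "IpAddress": "198.51.100.7", "TimeCreated": "2024-08-09T03:05:10"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "admin",
     "IpAddress": "198.51.100.7", "TimeCreated": "2024-08-09T03:05:44"},
]

# Assumed allowlist: the only networks RDP sessions are expected to originate from.
ALLOWED_RDP_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_allowed_source(ip_str, allowed_networks):
    """True if ip_str parses and lies inside one of the allowlisted networks."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        # "-" or a malformed address is treated as not allowlisted.
        return False
    return any(ip in net for net in allowed_networks)


def find_suspicious_rdp_logons(events, allowed_networks, business_hours=(7, 19)):
    """Return one finding per successful RDP logon (4624, LogonType 10) that comes
    from a non-allowlisted source or falls outside business_hours [start, end).
    Each finding carries the number of failed RDP attempts (4625) already seen
    from the same source address, which helps distinguish a stolen-credential
    logon from a brute-force success."""
    findings = []
    failures_by_ip = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev.get("LogonType") != RDP_LOGON_TYPE:
            continue
        ip = ev.get("IpAddress", "-")
        if ev["EventID"] == 4625:
            failures_by_ip[ip] = failures_by_ip.get(ip, 0) + 1
            continue
        if ev["EventID"] != 4624:
            continue
        reasons = []
        if not is_allowed_source(ip, allowed_networks):
            reasons.append("source not in RDP allowlist")
        hour = datetime.fromisoformat(ev["TimeCreated"]).hour
        if not (business_hours[0] <= hour < business_hours[1]):
            reasons.append("outside business hours")
        if reasons:
            findings.append({
                "user": ev["TargetUserName"],
                "source": ip,
                "time": ev["TimeCreated"],
                "prior_failures_from_source": failures_by_ip.get(ip, 0),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_rdp_logons(SAMPLE_EVENTS, ALLOWED_RDP_SOURCES):
        print(f"{f['time']} {f['user']} from {f['source']}: {', '.join(f['reasons'])} "
              f"(prior failures from source: {f['prior_failures_from_source']})")
```

On the constructed sample, the in-hours logon from the internal address is ignored, while the two off-hours logons from non-allowlisted addresses are reported; the second of them shows a preceding failure from the same source. In a real deployment the same logic would be fed from the Security channel (for example via a SIEM export) and the allowlist would be the organisation's actual jump hosts or VPN ranges; an RDP endpoint that is reachable from the internet at all is the larger control gap this check only surfaces after the fact.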

Penetration and Vulnerabilities

The attack on Anniversary Holding Company underscores the vulnerabilities that investment holding companies face, particularly those with extensive digital records and sensitive information. The lack of extensive public engagement and detailed operational disclosures may have contributed to the company's vulnerability, as threat actors like BianLian often exploit such gaps. The group's sophisticated tactics, including the use of compromised RDP credentials and custom backdoors, highlight the need for enhanced cybersecurity measures to protect against such advanced threats.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.