Ransomware Attack on D'Amico & Pettinicchi, LLC by BianLian Group

Attack Overview

D'Amico & Pettinicchi, LLC, a Connecticut-based law firm specializing in personal injury and medical malpractice, has become the latest victim of the notorious ransomware group BianLian. The attack resulted in the exfiltration of approximately 2 TB of sensitive data, including financial records, human resources data, case files, court documents, and personal information of clients.

Details of the Compromised Data

The data breach involved a wide array of sensitive information critical to the operations of the law firm. This includes:

• Financial data and HR records
• Incident and case files related to ongoing legal matters
• Court and litigation documents
• Exhibits and evidence files
• Personally Identifiable Information (PII) and Protected Health Information (PHI) of clients
• Internal and external email communications

Company Profile

Founded in 1990, D'Amico & Pettinicchi, LLC has established itself as a dedicated law firm with a focus on personal injury, medical malpractice, and nursing home negligence. The firm is known for its personalized service, provided by a team of experienced attorneys and paralegals. With an estimated annual revenue between $5 million to $10 million and a staff size of 11-50 employees, the firm emphasizes client-focused legal representation.

Vulnerabilities and Target Profile

The law firm's extensive handling of sensitive client data, combined with its size and financial capacity, makes it an attractive target for ransomware attacks like those conducted by BianLian. Law firms are particularly vulnerable due to the nature of the data they manage, which includes confidential legal and personal information that can be exploited for extortion.

Sources

• Threat Actor Profile: BianLian - The Shape-Shifting Ransomware Group
• CISA Cybersecurity Advisory AA23-136A
• IC3.gov Media News 2023/230516
• BianLian Ransomware Group Threat Assessment - Unit42
• BianLian Ransomware Report - Quorum Cyber