Ransomware Hits Prominent Immigration Law Firm in California
Incident Date:
September 13, 2024
Overview
Title
Ransomware Hits Prominent Immigration Law Firm in California
Victim
Law Offices of Michael J Gurfinkel, Inc
Attacker
Bianlian
Location
First Reported
September 13, 2024
Ransomware Attack on The Law Offices of Michael J. Gurfinkel, Inc.
The Law Offices of Michael J. Gurfinkel, Inc., a prominent immigration law firm based in Glendale, California, has recently fallen victim to a ransomware attack orchestrated by the BianLian group. This attack has compromised sensitive client data, accounting information, operational files, and email correspondence.
About The Law Offices of Michael J. Gurfinkel, Inc.
Founded by Attorney Michael J. Gurfinkel, the firm specializes in a comprehensive range of immigration-related legal services. The firm is well-regarded for its dedication to helping clients navigate the complexities of U.S. immigration law, often taking on cases deemed "miracle cases" or those considered too difficult by other attorneys. The firm employs between 11-50 employees and operates primarily from its Glendale office, with additional presence in San Francisco and Makati, Philippines.
Attack Overview
The ransomware attack was announced on BianLian's dark web leak site, where the group provided a detailed overview of the breach. The compromised data includes client personal data, accounting information, operational files, and email correspondence. Screenshots revealing folder structures of the compromised data were also posted, with all personally identifiable information (PII) appropriately redacted.
About BianLian Ransomware Group
BianLian is a sophisticated ransomware group known for its evolution from targeting individual users to launching high-profile attacks on businesses and organizations globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group has a broad attack range, focusing on sectors with sensitive data and financial capacity, including legal services.
Penetration and Vulnerabilities
BianLian typically gains initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim. The group uses PowerShell and Windows Command Shell for defense evasion and employs various tools for discovery, lateral movement, collection, exfiltration, and impact. The Law Offices of Michael J. Gurfinkel, Inc., like many firms in the legal sector, handles a significant amount of sensitive data, making it a prime target for ransomware groups like BianLian.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.