The Evolution of BianLian: From Banking Trojan to Ransomware Threat

Incident Date: May 6, 2024

Overview

Title: The Evolution of BianLian: From Banking Trojan to Ransomware Threat

Victim: D'Amico & Pettinicchi, LLC

Attacker: BianLian

Location: Watertown, Connecticut, USA

First Reported: May 6, 2024

Ransomware Attack on D'Amico & Pettinicchi, LLC by BianLian Group

Company Profile

Founded in 1990, D'Amico & Pettinicchi, LLC is a Connecticut-based law firm specializing in personal injury, medical malpractice, and family law. The firm is known for its dedicated advocacy for victims of negligence, with a focus on securing justice and compensation. Despite its small size of 11-20 employees, the firm has made a significant impact in its field, generating revenues of between $5 million and $10 million annually.

Details of the Ransomware Attack

The ransomware group BianLian has claimed responsibility for a cyberattack on D'Amico & Pettinicchi, LLC, announcing the breach on its dark web leak site. According to the group's claim, the attack resulted in the exfiltration of approximately 2 TB of sensitive data, including finance and HR data, incident and case files, court and litigation data, exhibits, and extensive records containing Personally Identifiable Information (PII) and Protected Health Information (PHI) of clients.

Profile of the Ransomware Group: BianLian

BianLian, which began as a banking trojan, has evolved into a sophisticated ransomware group known for its extortion-based strategies. The group employs tactics such as logging in with compromised RDP credentials, deploying custom backdoors, and making extensive use of PowerShell and the Windows Command Shell for defense evasion. Its recent shift to primarily exfiltration-based extortion, in which stolen data rather than encryption is the main leverage, highlights the group's adaptability and the increasing threat it poses to sectors that hold sensitive data.

Vulnerabilities and Potential Entry Points

The specific vulnerabilities exploited in this attack have not been disclosed. However, based on BianLian's known methods, compromised RDP credentials or phishing are plausible initial entry points. The firm's large repositories of legal case data and sensitive client information make it a high-value target for ransomware groups seeking to use stolen data for extortion.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.