The Evolution of BianLian: From Banking Trojan to Ransomware Threat

Incident Date:

May 6, 2024

World map



The Evolution of BianLian: From Banking Trojan to Ransomware Threat


D'amico & Pettinicchi, LLC.




Watertown, USA

Connecticut, USA

First Reported

May 6, 2024

Ransomware Attack on D'Amico & Pettinicchi, LLC by BianLian Group

Company Profile

Founded in 1990, D'Amico & Pettinicchi, LLC is a Connecticut-based law firm specializing in personal injury, medical malpractice, and family law. The firm is known for its dedicated advocacy for victims of negligence, with a focus on securing justice and compensation. Despite its small size of 11-20 employees, the firm has made significant impacts in its field, generating revenues between $5 million to $10 million annually.

Details of the Ransomware Attack

The ransomware group BianLian has claimed responsibility for a cyberattack on D'Amico & Pettinicchi, LLC, announcing the breach on their dark web leak site. The attack resulted in the exfiltration of approximately 2 TB of sensitive data, including finance and HR data, incidents and case files, court and litigation data, exhibits, and extensive records containing Personally Identifiable Information (PII) and Protected Health Information (PHI) of clients.

Profile of the Ransomware Group: BianLian

BianLian, originally a banking trojan, has evolved into a sophisticated ransomware group known for its extortion-based strategies. The group employs advanced tactics such as compromised RDP credentials, custom backdoors, and extensive use of PowerShell and Windows Command Shell for defense evasion. Their recent shift to primarily exfiltration-based extortion highlights their adaptability and the increasing threat they pose to sectors with sensitive data.

Vulnerabilities and Potential Entry Points

The specific vulnerabilities exploited in this attack have not been disclosed. However, based on BianLian's known methodologies, it is plausible that compromised RDP credentials or phishing could have been the initial entry points. The firm's significant data repositories related to legal cases and sensitive client information make it a high-value target for ransomware groups seeking to leverage stolen data for extortion.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.