BianLian Ransomware Strikes Legend Properties, Exfiltrates 400GB
Analysis of the BianLian Ransomware Attack on Legend Properties, Inc.
Company Profile: Legend Properties, Inc.
Legend Properties, Inc., established in 1990, is a prominent commercial real estate and brokerage firm operating in eastern and central Pennsylvania, New Jersey, and Delaware. The company specializes in retail leasing, tenant representation, investment sales, and commercial land development. With its headquarters in Cherry Hill, New Jersey, Legend Properties stands out in the industry due to its comprehensive service offerings and local market expertise. However, the nature of their business involves handling substantial amounts of sensitive client and business data, which potentially increases their vulnerability to cyber-attacks.
Details of the Ransomware Attack
The ransomware group BianLian has recently targeted Legend Properties, Inc., claiming to have exfiltrated 400 GB of sensitive data. This data purportedly includes critical business information, accounting records, project details, and personal information from network users’ folders and file servers. The attack was announced on BianLian's dark web leak site, indicating a serious security breach that could have severe financial and reputational consequences for Legend Properties.
Profile of the Ransomware Group: BianLian
BianLian, originally known as a banking trojan, has evolved into a sophisticated ransomware group. The group is known for its global operations, primarily targeting sectors with significant data sensitivity and financial resources. BianLian employs a range of tactics including compromised Remote Desktop Protocol (RDP) credentials, custom backdoors, and extensive use of PowerShell and Windows Command Shell for defense evasion. Their operations have shifted focus from double extortion to primarily exfiltration-based extortion, threatening severe financial and legal repercussions against their victims.
Potential Entry Points and Security Implications
For Legend Properties, the entry point for BianLian could have been through compromised RDP credentials, a common attack vector for the group. The real estate sector often relies on remote access tools, which can become vulnerabilities if not properly secured. The extensive amount of sensitive data managed by Legend Properties also makes them an attractive target for ransomware groups like BianLian, who specialize in data exfiltration and extortion.
Sources:
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!