The Evolution of BianLian: From Banking Trojan to Ransomware Threat

Incident Date: May 06, 2024

Attack Overview

Victim: D'Amico & Pettinicchi, LLC
Industry: Law Firms & Legal Services
Location: USA
Attacker: BianLian
First Reported: May 6, 2024

Ransomware Attack on D'Amico & Pettinicchi, LLC by BianLian Group

Company Profile

Founded in 1990, D'Amico & Pettinicchi, LLC is a Connecticut-based law firm specializing in personal injury, medical malpractice, and family law. The firm is known for its dedicated advocacy for victims of negligence, with a focus on securing justice and compensation. Despite its small size of 11-20 employees, the firm has made a significant impact in its field, generating annual revenues between $5 million and $10 million.

Details of the Ransomware Attack

The ransomware group BianLian has claimed responsibility for a cyberattack on D'Amico & Pettinicchi, LLC, announcing the breach on their dark web leak site. The attack resulted in the exfiltration of approximately 2 TB of sensitive data, including finance and HR data, incidents and case files, court and litigation data, exhibits, and extensive records containing Personally Identifiable Information (PII) and Protected Health Information (PHI) of clients.

Profile of the Ransomware Group: BianLian

BianLian, originally a banking trojan, has evolved into a sophisticated ransomware group known for its extortion-based strategies. The group gains access through compromised RDP credentials, deploys custom backdoors, and makes extensive use of PowerShell and Windows Command Shell for defense evasion. Its recent shift to primarily exfiltration-based extortion highlights its adaptability and the increasing threat it poses to sectors that hold sensitive data.

Vulnerabilities and Potential Entry Points

The specific vulnerabilities exploited in this attack have not been disclosed. However, based on BianLian's known methodologies, it is plausible that compromised RDP credentials or phishing could have been the initial entry points. The firm's significant data repositories related to legal cases and sensitive client information make it a high-value target for ransomware groups seeking to leverage stolen data for extortion.
