The Evolution of BianLian: From Banking Trojan to Ransomware Threat
Ransomware Attack on D'Amico & Pettinicchi, LLC by BianLian Group
Company Profile
Founded in 1990, D'Amico & Pettinicchi, LLC is a Connecticut-based law firm specializing in personal injury, medical malpractice, and family law. The firm is known for its dedicated advocacy for victims of negligence, with a focus on securing justice and compensation. Despite its small size of 11-20 employees, the firm has made significant impacts in its field, generating revenues between $5 million and $10 million annually.
Details of the Ransomware Attack
The ransomware group BianLian has claimed responsibility for a cyberattack on D'Amico & Pettinicchi, LLC, announcing the breach on their dark web leak site. The attack resulted in the exfiltration of approximately 2 TB of sensitive data, including finance and HR data, incidents and case files, court and litigation data, exhibits, and extensive records containing Personally Identifiable Information (PII) and Protected Health Information (PHI) of clients.
Profile of the Ransomware Group: BianLian
BianLian, originally a banking trojan, has evolved into a sophisticated ransomware group known for its extortion-based strategies. The group employs advanced tactics such as the use of compromised RDP credentials, custom backdoors, and extensive use of PowerShell and Windows Command Shell for defense evasion. Its recent shift to primarily exfiltration-based extortion highlights its adaptability and the increasing threat it poses to sectors with sensitive data.
Vulnerabilities and Potential Entry Points
The specific vulnerabilities exploited in this attack have not been disclosed. However, based on BianLian's known methodologies, it is plausible that compromised RDP credentials or phishing could have been the initial entry points. The firm's significant data repositories related to legal cases and sensitive client information make it a high-value target for ransomware groups seeking to leverage stolen data for extortion.