BianLian ransomware attack grows as 3 companies fall victim


The BianLian ransomware group has claimed three new victims, adding them to its dark web portal. Targeted organizations include North Star Tax and Accounting, KC Pharmaceuticals and Martinaire, all based in the United States. However, details regarding the scale of the BianLian ransomware attack, data compromise, and the motive of the cyberattack remain confidential.

Despite the assertions of BianLian ransomware, the official sites of the targeted companies are fully functional. This discrepancy has raised doubts about the authenticity of the BianLian group’s claim. To verify the veracity of the allegations, The Cyber Express team contacted the heads of the organizations concerned. At the time of writing this report, no response has been received, leaving the BianLian ransomware attack claim unverified.

BianLian ransomware attack: impact on the industry

The potential implications of the recent BianLian ransomware attacks are particularly alarming, given the size and nature of the companies that have fallen prey to this group. North Star Tax and Accounting, a renowned firm in the financial sector, is responsible for handling sensitive financial information for many clients.

BianLian ransomware attack
Source: Twitter

Compromising this data could have serious repercussions, not only for the company but also for the individuals and businesses who rely on their services. Financial data breaches can lead to identity theft, financial fraud and a loss of trust among customers, potentially jeopardizing the company’s position in the industry.

KC Pharmaceuticals, another victim of this wave of attacks, operates in the pharmaceutical sector, a critical industry responsible for the development and distribution of life-saving medications. Any disruption to their operations could not only compromise proprietary research and development data, but also pose a threat to public health by affecting the production and distribution of essential pharmaceutical products.


The potential consequences of such an attack extend far beyond immediate financial losses, encompassing risks to public health and damage to the pharmaceutical supply chain.

Martinaire, an airline specializing in air cargo services, is the third victim named in the ransomware claims. The aviation industry is known for its strict security regulations, and any compromise of Martinaire’s systems could potentially have broad implications for air cargo logistics and transportation security. This highlights the broader impact that cyberattacks against critical infrastructure sectors can have on national security and economic stability.


History Repeats Itself: Previous Attacks and Unverified Claims

BianLian ransomware, as stated in a BlackBerry report, features exceptional encryption speed and is coded in the Go (Golang) programming language. This sophisticated approach allowed the group to hit multiple organizations, leaving a trail of unverified claims in its wake.

This isn’t the first time BianLian has surfaced; earlier in 2024, the group targeted MOOver, claiming access to a staggering 1.1 terabytes of data. Afterwards, Northeast Spine and Sports Medicine also found itself on the list of victims. These two claims, like the recent ones, remain unverified.

Additionally, in October 2023, the ransomware group added four victims to its dark web portal. Despite these claims, the websites of these alleged victims showed no immediate signs of cyber attack.

Going back further, in December 2022, the Australian Real Estate Group (AREG) fell prey to BianLian, with cybercriminals demanding a $5 million ransom. The group not only claimed responsibility, but also shared compressed folders containing sensitive company data.

The Cybersecurity and Infrastructure Security Agency (CISA) has been monitoring BianLian’s activities, warning of its dark record, particularly its targeting of critical infrastructure sectors in the United States since June 2022.

The BianLian group’s tactics involve infiltrating victim systems via valid Remote Desktop Protocol (RDP) credentials. The group uses open source tools and command-line scripts for discovery, credential collection, and eventually exfiltration of victim data via File Transfer Protocol (FTP), Rclone or Mega.
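Because the access described above uses valid credentials, the RDP logon alone looks legitimate; pairing it with a transfer tool started by the same account on the same host is a more useful detection signal. The sketch below is an added example, not taken from the article or from any vendor report: the events are constructed and use simplified fields from Windows Security events 4624 (logon) and 4688 (process creation), and the tool patterns and the 8-hour window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Tools named in the article; the patterns and the 8-hour window are assumptions.
EXFIL_RE = re.compile(r"(?i)\b(rclone|ftp|megasync|megacmd\w*)(?:\.exe)?\b")
WINDOW = timedelta(hours=8)

# Constructed sample events: simplified 4624 (logon) and 4688 (process creation).
EVENTS = [
    {"id": 4624, "time": "2024-01-10T02:14:00", "host": "FS01", "user": "jsmith",
     "logon_type": 10, "src_ip": "203.0.113.45"},
    {"id": 4688, "time": "2024-01-10T02:41:00", "host": "FS01", "user": "jsmith",
     "cmdline": r"C:\Users\Public\rclone.exe copy D:\Finance remote:bk"},
    {"id": 4688, "time": "2024-01-10T02:43:00", "host": "FS01", "user": "jsmith",
     "cmdline": r"C:\Windows\System32\notepad.exe"},
    # Service account with no RDP session: scheduled backup, not flagged.
    {"id": 4688, "time": "2024-01-10T03:00:00", "host": "FS01", "user": "svc_backup",
     "cmdline": r"C:\Tools\rclone.exe sync D:\Data backup:nightly"},
    # Console logon (type 2), so the FTP client is not tied to RDP access.
    {"id": 4624, "time": "2024-01-10T09:00:00", "host": "WS07", "user": "adavis",
     "logon_type": 2, "src_ip": "-"},
    {"id": 4688, "time": "2024-01-10T09:05:00", "host": "WS07", "user": "adavis",
     "cmdline": r"ftp.exe -s:put.txt"},
]

def find_exfil_after_rdp(events, window=WINDOW):
    """Return process events that start a transfer tool inside an RDP session window."""
    rdp_sessions = {}  # (host, user) -> (logon time, source IP)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        key = (ev["host"].lower(), ev["user"].lower())
        if ev["id"] == 4624 and ev.get("logon_type") == 10:  # 10 = RemoteInteractive
            rdp_sessions[key] = (when, ev.get("src_ip"))
        elif ev["id"] == 4688:
            match = EXFIL_RE.search(ev.get("cmdline", ""))
            session = rdp_sessions.get(key)
            if match and session and when - session[0] <= window:
                delay = int((when - session[0]).total_seconds() // 60)
                alerts.append({"host": ev["host"], "user": ev["user"],
                               "tool": match.group(1).lower(),
                               "src_ip": session[1], "minutes_after_logon": delay})
    return alerts

if __name__ == "__main__":
    for alert in find_exfil_after_rdp(EVENTS):
        print(alert)
```

Event 4688 only records the command line when process command-line auditing is enabled, so this correlation depends on that audit setting being in place.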

The group’s persistent attacks highlight the need for cybersecurity practices to avoid falling victim to these cybercriminals and protect critical infrastructure sectors from potential damage.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.
