BianLian ransomware group in 2022: 52 companies compromised
CYBERWARZONE – The BianLian ransomware group is having a busy 2022, in this year alone, they have successfully compromised 52 companies. I have listed down the attacks for you in a nice list.
In average, this means they had a victim for each week of the year. (52 victims, 52 weeks in a year).
Reza Rafati
BianLian victim list
The current BianLian DLS site holds 52 records of compromised companies.
The victims of BianLian are mainly located in the United States, and this can be for the simple reason that BianLian is a financially motivated threat actor.
| Victim | Date | Year |
|---|---|---|
| Badger Truck Refrigeration Inc | november 15 | 2022 |
| Block Buildings LLC | november 14 | 2022 |
| Altec Engineering LLC | november 14 | 2022 |
| Samrin Services Pvt Ltd | november 13 | 2022 |
| Power Plant Services LLC | november 4 | 2022 |
| Harry Rosen | October 19 | 2022 |
| Rentz Management | October 18 | 2022 |
| VANOSS Public School | October 7 | 2022 |
| Netas | October 6 | 2022 |
| Boon Tool Co | October 4 | 2022 |
| Gazelle International Ltd | October 1 | 2022 |
| Versah | september 26 | 2022 |
| Centura College | september 25 | 2022 |
| Modular Mining | september 23 | 2022 |
| Myton School | september 22 | 2022 |
| Bartelt | september 21 | 2022 |
| Seanic Ocean Systems | september 16 | 2022 |
| Läderach | september 15 | 2022 |
| Feldman Holtzman & Company | september 15 | 2022 |
| Berg Kaprow Lewis | september 15 | 2022 |
| Aarti Drugs Ltd | september 9 | 2022 |
| Sunflower Farms Distributors Inc | september 5 | 2022 |
| Peter Duffy Ltd | september 4 | 2022 |
| Infinitely Virtual | september 4 | 2022 |
| Baer’s | september 2 | 2022 |
| Mayfield School | september 1 | 2022 |
| McGann Facial Design | augustus 31 | 2022 |
| BMW of Sherman Oaks | augustus 31 | 2022 |
| Aesthetic Dermatology Associates | augustus 27 | 2022 |
| Dorsey metrology | augustus 25 | 2022 |
| Captec-group | augustus 24 | 2022 |
| Early Lucarelli Sweeney & Meisenkothen | augustus 19 | 2022 |
| Daydream Island Resort & Spa | augustus 18 | 2022 |
| 4cRisk | augustus 10 | 2022 |
| Community Dental Partners | augustus 8 | 2022 |
| Ramada Hervey Bay Hotel Resort | augustus 6 | 2022 |
| International Custom Controls | July 31 | 2022 |
| Advance Corporation | July 29 | 2022 |
| The Preston Partnership | July 28 | 2022 |
| WWAY-TV LLC | July 22 | 2022 |
| Alegria Family Services | July 22 | 2022 |
| Magnachem | July 21 | 2022 |
| Abdulaziz Grossbart & Rudman | July 12 | 2022 |
| Spalding Grammar School | July 11 | 2022 |
| Conway Electrics | July 8 | 2022 |
| Veritas Solicitors | June 29 | 2022 |
| Rain the Growth Agency | June 28 | 2022 |
| Mooresville Schools | June 21 | 2022 |
| ISGEC Heavy Engineering | June 21 | 2022 |
| High Power Technical Services | June 20 | 2022 |
| Anderson Insurance Associates | June 17 | 2022 |
| Mackenzie Medical | June 5 | 2022 |
The victims of BianLian operate in these industries:
- manufacturing
- education
- healthcare
- professional services
- energy
- banking
- financial services
- insurance
- entertainment
BianLian has its own tools, they make use of encrypters, backdoors and command and control software to remain in control during their malicious cyberattack campaigns.
BianLian Data Leak Site
The BianLian data leak site (DLS) is still active, from time to time the threat actor post new compromised companies on their companies listing page.
The BianLian data leak site is accessible by TOR. The website doesn’t load from time to time, but at the moment of writing, it is still online. In most cases, it is just loads slow.
Some other resources on BianLian
blogs.blackberry.com/en/2022/10/bianlian-ransomware-encrypts-files-in-the-blink-of-an-eye
dxc.com/us/en/insights/perspectives/report/dxc-security-threat-intelligence-report/october-2022/new-bianlian-ransomware-group-picks-up-its-pace
redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/
darkreading.com/vulnerabilities-threats/researchers-snowballing-bianlian-ransomware-gang-activity
