BianLian ransomware group in 2022: 52 companies compromised

CYBERWARZONE – The BianLian ransomware group is having a busy 2022: this year alone, it has successfully compromised 52 companies. I have listed the attacks below.

On average, this means one victim for each week of the year (52 victims, 52 weeks in a year).

Reza Rafati

BianLian victim list

The BianLian data leak site (DLS) currently holds 52 records of compromised companies.

BianLian DLS website on TOR

BianLian's victims are mainly located in the United States, which may simply be because BianLian is a financially motivated threat actor.

Victim | Date | Year
--- | --- | ---
Badger Truck Refrigeration Inc | November 15 | 2022
Block Buildings LLC | November 14 | 2022
Altec Engineering LLC | November 14 | 2022
Samrin Services Pvt Ltd | November 13 | 2022
Power Plant Services LLC | November 4 | 2022
Harry Rosen | October 19 | 2022
Rentz Management | October 18 | 2022
VANOSS Public School | October 7 | 2022
Netas | October 6 | 2022
Boon Tool Co | October 4 | 2022
Gazelle International Ltd | October 1 | 2022
Versah | September 26 | 2022
Centura College | September 25 | 2022
Modular Mining | September 23 | 2022
Myton School | September 22 | 2022
Bartelt | September 21 | 2022
Seanic Ocean Systems | September 16 | 2022
Läderach | September 15 | 2022
Feldman Holtzman & Company | September 15 | 2022
Berg Kaprow Lewis | September 15 | 2022
Aarti Drugs Ltd | September 9 | 2022
Sunflower Farms Distributors Inc | September 5 | 2022
Peter Duffy Ltd | September 4 | 2022
Infinitely Virtual | September 4 | 2022
Baer’s | September 2 | 2022
Mayfield School | September 1 | 2022
McGann Facial Design | August 31 | 2022
BMW of Sherman Oaks | August 31 | 2022
Aesthetic Dermatology Associates | August 27 | 2022
Dorsey metrology | August 25 | 2022
Captec-group | August 24 | 2022
Early Lucarelli Sweeney & Meisenkothen | August 19 | 2022
Daydream Island Resort & Spa | August 18 | 2022
4cRisk | August 10 | 2022
Community Dental Partners | August 8 | 2022
Ramada Hervey Bay Hotel Resort | August 6 | 2022
International Custom Controls | July 31 | 2022
Advance Corporation | July 29 | 2022
The Preston Partnership | July 28 | 2022
WWAY-TV LLC | July 22 | 2022
Alegria Family Services | July 22 | 2022
Magnachem | July 21 | 2022
Abdulaziz Grossbart & Rudman | July 12 | 2022
Spalding Grammar School | July 11 | 2022
Conway Electrics | July 8 | 2022
Veritas Solicitors | June 29 | 2022
Rain the Growth Agency | June 28 | 2022
Mooresville Schools | June 21 | 2022
ISGEC Heavy Engineering | June 21 | 2022
High Power Technical Services | June 20 | 2022
Anderson Insurance Associates | June 17 | 2022
Mackenzie Medical | June 5 | 2022

BianLian cyber attacks overview

The victims of BianLian operate in these industries:

  • manufacturing
  • education
  • healthcare
  • professional services
  • energy
  • banking
  • financial services
  • insurance
  • entertainment

BianLian has its own tools: the group uses encrypters, backdoors and command-and-control software to remain in control during its malicious cyberattack campaigns.

BianLian Data Leak Site

The BianLian data leak site (DLS) is still active; from time to time the threat actor posts newly compromised companies on its company listing page.

The BianLian data leak site is accessible via Tor. The website doesn’t load from time to time, but at the time of writing it is still online. In most cases, it just loads slowly.

Some other resources on BianLian

blogs.blackberry.com/en/2022/10/bianlian-ransomware-encrypts-files-in-the-blink-of-an-eye
dxc.com/us/en/insights/perspectives/report/dxc-security-threat-intelligence-report/october-2022/new-bianlian-ransomware-group-picks-up-its-pace
redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/
darkreading.com/vulnerabilities-threats/researchers-snowballing-bianlian-ransomware-gang-activity
