BianLian Ransomware Hits New York's Povman Law Firm

Incident Date: Oct 23, 2024

Attack Overview
VICTIM
The Povman Law Firm
INDUSTRY
Law Firms & Legal Services
LOCATION
USA
ATTACKER
BianLian
FIRST REPORTED
October 23, 2024

BianLian Ransomware Group Targets The Povman Law Firm

The Povman Law Firm, a well-established legal practice in Forest Hills, New York, has recently fallen victim to a ransomware attack orchestrated by the notorious BianLian group. This family-run firm, known for its expertise in personal injury, medical malpractice, wills and trusts, and real estate law, has been a prominent advocate for individuals and families affected by negligence for over 50 years.

Victim Profile: The Povman Law Firm

The Povman Law Firm operates as a small to medium-sized legal office, emphasizing personalized client service and a commitment to achieving favorable outcomes. Founded by Morton and Bruce Povman, the firm has a legacy spanning three generations, with a proven track record of success in complex negligence cases. Their specialization in high-profile personal injury and medical malpractice cases has garnered significant media attention, establishing them as a trusted resource in the New York legal community.

Attack Overview

The BianLian ransomware group claims to have accessed approximately 100 GB of sensitive data from The Povman Law Firm. This breach includes confidential customer information, financial documents, files from the CEO's personal computer, and various operational and business files. Additionally, the attackers have reportedly compromised mailboxes and both internal and external email correspondence, potentially exposing a wide range of sensitive communications.

BianLian Ransomware Group

BianLian is a ransomware and data-extortion group that has been active since mid-2022. It shares its name with an Android banking trojan first documented in 2018, but no link between the two has been confirmed and the trojan should not be read as an earlier stage of this group. BianLian's defining shift came in early 2023, when it largely abandoned file encryption: rather than the double-extortion model (encrypt the victim's systems and also threaten to leak stolen data), it now relies on exfiltration alone, stealing data and pressuring victims to pay by threatening to publish it. Because nothing is encrypted, backups do not end the incident; the leverage is the stolen data itself.

Potential Vulnerabilities

How BianLian gained initial access to the firm's network has not been reported. The group's documented initial-access methods are compromised Remote Desktop Protocol (RDP) credentials, typically bought from initial access brokers or harvested through phishing, and exploitation of known vulnerabilities in internet-facing systems. Once inside, BianLian deploys custom backdoors written in Go to maintain persistence and remote control, and uses built-in Windows tooling and RDP for discovery and lateral movement. A firm that handles sensitive legal, financial and personal data, with the limited security staffing typical of a small practice, is precisely the kind of high-value target that data-extortion groups such as BianLian focus on; legal services is one of the sectors they have repeatedly hit.
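The most common vector named above, compromised RDP credentials, leaves a recognisable trace in Windows Security logs: a burst of failed logons (event 4625) from one source address, often against several account names, followed within minutes by a successful RemoteInteractive logon (event 4624, LogonType 10) from that same address. The following detector is an added example written for this page; it is not Halcyon's code and it is not something taken from the BianLian case, which has not published its logs. It assumes events have already been exported from the event log into dicts with the fields EventID, TimeCreated, TargetUserName, IpAddress and LogonType, and the sample events it runs on are constructed, with TEST-NET addresses and invented usernames.

```python
"""Flag RDP logons that succeed shortly after a burst of failed logons.

Added example, not code from the original article or from Halcyon. Assumes
Windows Security events have been exported as dicts with the fields
EventID, TimeCreated (ISO 8601), TargetUserName, IpAddress and LogonType.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625      # An account failed to log on
SUCCESS_LOGON = 4624     # An account was successfully logged on
RDP_LOGON_TYPE = 10      # RemoteInteractive: interactive logon over RDP


def ev(event_id, when, user, ip, logon_type=RDP_LOGON_TYPE):
    """Build one event dict in the assumed export format."""
    return {"EventID": event_id, "TimeCreated": when, "TargetUserName": user,
            "IpAddress": ip, "LogonType": logon_type}


# Constructed sample events (not real telemetry). Addresses are from the
# TEST-NET ranges and the account names are invented.
SAMPLE_EVENTS = [
    # Case 1: one source tries several accounts, then gets in as "jdoe".
    ev(FAILED_LOGON, "2024-10-20T02:14:01", "administrator", "203.0.113.45"),
    ev(FAILED_LOGON, "2024-10-20T02:14:09", "admin", "203.0.113.45"),
    ev(FAILED_LOGON, "2024-10-20T02:14:20", "reception", "203.0.113.45"),
    ev(FAILED_LOGON, "2024-10-20T02:14:33", "jdoe", "203.0.113.45"),
    ev(FAILED_LOGON, "2024-10-20T02:15:02", "jdoe", "203.0.113.45"),
    ev(SUCCESS_LOGON, "2024-10-20T02:16:47", "jdoe", "203.0.113.45"),
    # Case 2: a user mistypes a password once, then logs in. Benign.
    ev(FAILED_LOGON, "2024-10-20T08:59:50", "asmith", "198.51.100.7"),
    ev(SUCCESS_LOGON, "2024-10-20T09:00:05", "asmith", "198.51.100.7"),
    # Case 3: failures two hours before a success: outside the window.
    ev(FAILED_LOGON, "2024-10-20T10:00:00", "mlee", "192.0.2.9"),
    ev(FAILED_LOGON, "2024-10-20T10:01:00", "mlee", "192.0.2.9"),
    ev(FAILED_LOGON, "2024-10-20T10:02:00", "mlee", "192.0.2.9"),
    ev(FAILED_LOGON, "2024-10-20T10:03:00", "mlee", "192.0.2.9"),
    ev(FAILED_LOGON, "2024-10-20T10:04:00", "mlee", "192.0.2.9"),
    ev(SUCCESS_LOGON, "2024-10-20T12:00:00", "mlee", "192.0.2.9"),
]


def detect_rdp_credential_abuse(events, window_minutes=10, min_failures=5):
    """Return one finding per successful RDP logon (4624, LogonType 10) that
    was preceded, within window_minutes, by at least min_failures failed
    logons (4625) from the same source address.

    Each finding also reports how many distinct accounts were tried in the
    window, which separates a password spray (many accounts, few guesses
    each) from repeated guessing at a single account.
    """
    window = timedelta(minutes=window_minutes)
    failures = defaultdict(list)   # source ip -> [(time, account), ...]
    findings = []

    # Events may arrive out of order; process them chronologically so that
    # only failures that happened before the success are counted.
    for e in sorted(events, key=lambda e: e["TimeCreated"]):
        t = datetime.fromisoformat(e["TimeCreated"])
        ip = e["IpAddress"]

        if e["EventID"] == FAILED_LOGON:
            failures[ip].append((t, e["TargetUserName"]))
            continue
        if e["EventID"] != SUCCESS_LOGON or e["LogonType"] != RDP_LOGON_TYPE:
            continue

        recent = [(ft, u) for ft, u in failures[ip] if t - ft <= window]
        if len(recent) >= min_failures:
            findings.append({
                "source_ip": ip,
                "account": e["TargetUserName"],
                "success_time": e["TimeCreated"],
                "failures_in_window": len(recent),
                "distinct_accounts_tried": len({u for _, u in recent}),
            })
    return findings


if __name__ == "__main__":
    for f in detect_rdp_credential_abuse(SAMPLE_EVENTS):
        print(f"RDP logon after failure burst: {f}")
```

On the constructed sample the detector flags only the first case (five failures across four account names, then a success as jdoe from 203.0.113.45) and ignores the single typo and the stale failures. The thresholds are deliberately conservative; a source that succeeds on its first try with a purchased credential produces no 4625 burst at all, so this check should sit alongside controls such as MFA on RDP and not exposing 3389 to the internet, rather than replace them.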
