BianLian Ransomware Hits Western Supplies Inc Impacting Operations
Ransomware Attack on Western Supplies, Inc. by BianLian Group
Western Supplies, Inc., a prominent supplier in the pipeline industry, has recently fallen victim to a ransomware attack orchestrated by the notorious BianLian group. This attack has significant implications for the company's operations and reputation, given its critical role in the construction sector.
Company Overview
Established in 1970 and headquartered in Iowa Park, Texas, Western Supplies, Inc. specializes in providing a wide array of products and services tailored to the pipeline sector. The company offers both sales and rental options for essential pipeline equipment, including boring machines, augers, sandblasting equipment, and various testing tools. With a workforce of 11 to 50 employees, Western Supplies generates an estimated annual revenue ranging from $1 million to $5 million. The company is renowned for its exceptional customer service and high-quality products, making it a trusted partner in the industry.
Attack Overview
The BianLian ransomware group has claimed responsibility for the attack on Western Supplies via their dark web leak site. The attack has compromised the company's operations, potentially affecting its ability to serve its extensive client base. Given Western Supplies' reputation and operational efficiency, the breach could have significant repercussions on its standing in the industry.
About BianLian Ransomware Group
BianLian is a rapidly evolving ransomware group that emerged in 2022. Having initially appeared as an Android banking trojan in 2019, it has transformed into a sophisticated ransomware operation known for its adaptability and diverse attack strategies. The name "BianLian" refers to the traditional Chinese art of "face-changing," symbolizing the group's ability to shift tactics fluidly. BianLian employs a multi-stage attack methodology, often beginning with initial access through compromised Remote Desktop Protocol (RDP) credentials, phishing, or exploitation of vulnerabilities such as ProxyShell.
Penetration and Vulnerabilities
BianLian's attack on Western Supplies likely involved gaining initial access via stolen RDP credentials or phishing. Once inside a network, the group uses custom backdoors, primarily written in Go, to maintain persistence and control over the compromised systems. It uses PowerShell and Windows Command Shell to disable antivirus tools and evade detection, and gathers intelligence about the victim's network to enable further exploitation. BianLian has also shifted from a double-extortion model to a pure data exfiltration model, an evolution in tactics that focuses on stealing data and threatening to release it to compel victims to pay.