Florence Cement Hit by BianLian Ransomware, 500GB Data Compromised
Ransomware Attack on Florence Cement Company by BianLian Group
Florence Cement Company, Inc., a well-established contractor based in Southeastern Michigan, has recently fallen victim to a ransomware attack orchestrated by the notorious BianLian group. The attack, discovered on August 1, compromised 500GB of sensitive data, posing significant operational and reputational challenges for the company.
About Florence Cement Company
Founded in 1966, Florence Cement Company specializes in public and private road construction, offering services such as earth excavation, demolition, sanitary and water systems installation, concrete and asphalt paving, and decorative restoration. With a workforce of approximately 114 employees and annual revenues of around $16.2 million, the company has built a strong reputation for quality workmanship and timely project completion. Their commitment to innovation and sustainability, including the use of recycled concrete paving, sets them apart in the construction industry.
Vulnerabilities and Targeting
Florence Cement's integrated approach as a "turn-key" contractor, managing all aspects of a project, makes them a lucrative target for ransomware groups like BianLian. The company's reliance on advanced technology and extensive data management systems may have presented vulnerabilities that the attackers exploited. The construction sector's increasing digitization and the critical nature of its services make it an attractive target for cybercriminals seeking to disrupt operations and demand ransom.
Attack Overview
The BianLian group, known for its sophisticated ransomware operations, has claimed responsibility for the attack on Florence Cement via its dark web leak site. The group has evolved from targeting individual users to launching high-profile attacks on businesses and organizations globally. In this instance, the attackers exfiltrated 500GB of sensitive data, drawing on their established use of compromised Remote Desktop Protocol (RDP) credentials and custom backdoors to infiltrate the company's systems.
About BianLian Ransomware Group
BianLian initially functioned as a banking trojan before transitioning into advanced ransomware operations. The group employs extortion-based strategies, focusing on sectors with sensitive data and financial capacity. Their tactics include using PowerShell and Windows Command Shell for defense evasion and various tools for discovery, lateral movement, collection, exfiltration, and impact. BianLian's shift from a double extortion model to primarily exfiltration-based extortion shows how the group's tactics continue to evolve.
Penetration Methods
BianLian's penetration methods typically involve gaining initial access through compromised RDP credentials, implanting custom backdoors, and using sophisticated techniques for lateral movement and data exfiltration. The group's ability to adapt and evolve their tactics makes them a formidable threat to organizations across various sectors, including construction.