Ransomware Attack on Hunter Dickinson Inc. by BianLian

Hunter Dickinson Inc. (HDI), a prominent private mining group based in Vancouver, Canada, has recently fallen victim to a ransomware attack orchestrated by the notorious hacking group BianLian. The attack has resulted in the exfiltration of 9.5 TB of sensitive data, significantly impacting the company's operations and reputation.

About Hunter Dickinson Inc.

Established in 1985, HDI specializes in acquiring, developing, and operating mineral properties. The company is known for its strategic approach to mineral exploration and development, encompassing the entire lifecycle from initial acquisition to mine operations. HDI has been involved in numerous successful mining ventures across various continents, focusing on precious and base metals. The firm employs approximately 60 people and reported annual revenue of $36.7 million.

Attack Overview

The ransomware group BianLian claims to have exfiltrated a wide array of sensitive information from HDI, including data from multiple affiliated companies, financial records, human resources data, and information pertaining to partners and vendors. Additionally, engineering data, incidents and injuries reports, litigation documents, restricted data, geological data, and mining field data from various regions were compromised. The breach also extended to mailboxes, email correspondence, and databases, indicating a significant and comprehensive data exfiltration.

About BianLian

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses and organizations globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim, and employing various tools for discovery, lateral movement, collection, exfiltration, and impact.

Penetration and Impact

BianLian's tactics include exfiltration of sensitive data, leading to significant financial and reputational consequences for compromised organizations. The group's shift towards exfiltration-based extortion underscores the evolving threat landscape posed by ransomware groups. HDI's extensive network and global operations made it a lucrative target for BianLian, which capitalized on potential vulnerabilities in the company's cybersecurity measures.

Sources

• Hunter Dickinson Inc. Official Website
• SOCRadar: Threat Actor Profile - BianLian
• CISA: Cybersecurity Advisories
• Unit 42: BianLian Ransomware Group Threat Assessment