Karvo Companies Hit by BianLian Ransomware, 470GB Data Breached

Incident Date: Jul 26, 2024

Attack Overview

Victim: Karvo Companies, Inc.
Industry: Construction
Location: USA
Attacker: BianLian
First Reported: July 26, 2024

Ransomware Attack on Karvo Companies, Inc. by BianLian

Overview of Karvo Companies, Inc.

Karvo Companies, Inc., established in 1989, is a general contractor based in Stow, Ohio, specializing in heavy highway construction and infrastructure development. The company has built a strong reputation for improving highways and communities across Ohio. Its operations include asphalt, concrete, construction, and utilities, which are critical for transportation networks and public works. Karvo Companies is known for its commitment to quality, safety, and community engagement, making it a leader in Ohio's construction sector.

Details of the Ransomware Attack

On July 29, 2024, Karvo Companies, Inc. fell victim to a ransomware attack orchestrated by the BianLian group. The attack resulted in a significant data breach, compromising approximately 470GB of sensitive information. The leaked data includes financial documents, business correspondence, technical documents, and confidential customer and employee information. Critical details such as the business and personal contact information of key executives, including CEO George Karvounides and President Yianni Karvounides, were exposed. For a company with annual revenue exceeding $6 million, the impact could be substantial, affecting its operations and reputation.

Profile of the BianLian Ransomware Group

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses and organizations globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanted custom backdoors specific to each victim, and employed various tools for discovery, lateral movement, collection, exfiltration, and impact.

Penetration and Impact

BianLian's tactics include exfiltration-based extortion, threatening victims with financial, business, and legal consequences if payment is not made. The group has a broad attack range, focusing on sectors with sensitive data and financial capacity. In the case of Karvo Companies, the attack likely exploited vulnerabilities in its cybersecurity infrastructure, such as weak RDP credentials or insufficient endpoint detection and response solutions. The breach has exposed critical business and personal information, leading to potential financial and reputational damage.
