Nutec Group Targeted by BianLian Ransomware in Major Data Breach

Incident Date: May 23, 2024

Attack Overview

Victim: Nutec Group
Industry: Construction
Location: United Kingdom
Attacker: BianLian
First Reported: May 23, 2024

Company Overview

Nutec Group, a leading provider of industrial heating solutions, has become the latest victim of a ransomware attack by the notorious BianLian group. Founded in 1975, Nutec specializes in innovative and efficient thermal solutions for various industries, helping clients manage heating costs, achieve energy savings, and reduce their carbon footprint. With operations in over 50 countries, Nutec is recognized for its commitment to quality and customer-centric services, particularly in sectors like automotive, aerospace, and petrochemicals.

Details of the Attack

In May 2024, Nutec Group experienced a significant cyberattack executed by the BianLian ransomware group. The attackers exfiltrated approximately 204 GB of sensitive data, including business, client, financial, and technical information. This incident is part of BianLian's broader strategy of leveraging data theft for extortion, rather than the traditional encryption-based ransom demands. The stolen data is being used to pressure Nutec into paying a ransom to prevent the public release of this information.

BianLian: A Growing Threat

BianLian, active since mid-2022, has evolved from a banking trojan to a sophisticated ransomware group focusing on data extortion. The group is known for its aggressive tactics, which include gaining access through compromised Remote Desktop Protocol (RDP) credentials, often obtained via phishing or purchased from initial access brokers. Once inside, BianLian uses custom backdoors and remote management tools like TeamViewer and AnyDesk to maintain control over compromised networks. The group also disables antivirus software and modifies system settings to avoid detection.
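
The pattern described above, an RDP logon followed by a remote management tool starting on the same host, can be expressed as a simple correlation rule. The following is an added example, not code from the original article or from Halcyon. The event records are constructed, the field names are simplified stand-ins for Windows Security events 4624 (logon, LogonType 10 for RDP) and 4688 (process creation), and the trusted network range and 30-minute window are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample events (not from the incident); field names simplified.
SAMPLE_EVENTS = [
    {"ts": "2024-05-20T02:11:05", "host": "FS01", "id": 4624, "logon_type": 10, "src_ip": "203.0.113.45", "user": "svc_backup"},
    {"ts": "2024-05-20T02:19:40", "host": "FS01", "id": 4688, "image": r"C:\Users\Public\AnyDesk.exe", "user": "svc_backup"},
    {"ts": "2024-05-20T09:02:00", "host": "WS07", "id": 4624, "logon_type": 10, "src_ip": "10.20.1.15", "user": "jdoe"},
    {"ts": "2024-05-20T09:05:00", "host": "WS07", "id": 4688, "image": r"C:\Program Files\TeamViewer\TeamViewer.exe", "user": "jdoe"},
    {"ts": "2024-05-20T11:00:00", "host": "WS09", "id": 4624, "logon_type": 3, "src_ip": "198.51.100.7", "user": "amy"},
    {"ts": "2024-05-20T11:01:00", "host": "WS09", "id": 4688, "image": r"C:\Tools\anydesk.exe", "user": "amy"},
]

REMOTE_TOOLS = {"anydesk.exe", "teamviewer.exe"}      # tools named in the text
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed VPN/jump-host range
WINDOW = timedelta(minutes=30)                         # assumed correlation window

def is_trusted(ip):
    """True if the source address falls inside an approved network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def correlate(events):
    """Alert when an RDP logon from an untrusted source is followed, on the
    same host within WINDOW, by the launch of a remote management tool."""
    alerts, rdp_logons = [], {}   # rdp_logons: host -> [(time, src_ip, user)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["id"] == 4624 and ev.get("logon_type") == 10 and not is_trusted(ev["src_ip"]):
            rdp_logons.setdefault(ev["host"], []).append((ts, ev["src_ip"], ev["user"]))
        elif ev["id"] == 4688:
            # Compare on the lower-cased file name only, ignoring the path.
            exe = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
            if exe not in REMOTE_TOOLS:
                continue
            for logon_ts, src_ip, user in rdp_logons.get(ev["host"], []):
                if timedelta(0) <= ts - logon_ts <= WINDOW:
                    alerts.append({"host": ev["host"], "src_ip": src_ip, "user": user,
                                   "tool": exe, "delay_s": int((ts - logon_ts).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Matching on file name alone misses renamed binaries, so in practice this rule is paired with an application allowlist for remote management software.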

Vulnerabilities and Impact

The attack on Nutec highlights significant vulnerabilities in cybersecurity practices, particularly in the use of remote access tools and the management of credentials. BianLian's ability to exploit these weaknesses underscores the need for robust cybersecurity measures, such as regular security audits, restricted use of RDP, and comprehensive employee training on recognizing phishing attempts.

Nutec Group now faces the challenging task of mitigating the impact of this breach, safeguarding its data, and reinforcing its cybersecurity defenses to prevent future incidents.
