Ransomware Attack on BK&A by BianLian Group Exposes 1.4TB of Sensitive Data

Incident Date: Aug 14, 2024

Attack Overview
Victim: Benson Kearley IFG
Industry: Insurance
Location: Canada
Attacker: BianLian
First Reported: August 14, 2024

Ransomware Attack on Benson Kearley IFG by BianLian Group

Benson, Kearley & Associates Insurance Brokers Ltd. (BK&A), a prominent insurance brokerage firm, recently fell victim to a ransomware attack orchestrated by the BianLian group. The cybercriminals claim to have exfiltrated 1.4 TB of sensitive data, including customer data banks, medical, business, auto, and cyber insurance policies, passports and IDs, confidential company paperwork, operational data, audit data, business files, accounting data, HR folders, file server data, and network users' folders.

Company Profile

Established in 1969, BK&A is headquartered in Newmarket, Ontario, with additional offices in Mississauga and Markham. The company specializes in a comprehensive range of insurance and financial services, serving both personal and commercial clients. BK&A is recognized for its strategic growth through acquisitions, particularly under the leadership of CEO Stephen Kearley. The firm employs around 89 individuals and generates an annual revenue of approximately $20.9 million.

What Makes BK&A Stand Out

BK&A is known for its customer-centric approach, offering tailored insurance solutions to meet the diverse needs of its clients. The company leverages partnerships with various insurance companies to provide more options and better coverage. This focus on customer service, combined with a strategic growth plan, has allowed BK&A to maintain a competitive edge in the insurance industry.

Attack Overview

On August 12, BK&A disclosed the cybersecurity incident, acknowledging its impact on their operations and some customer information. In response, the company took immediate steps to secure their network, including taking many systems offline as a precaution. They also engaged third-party cybersecurity experts and external legal counsel to investigate the breach and oversee their response. BK&A has begun notifying affected customers and is working to identify those whose information may have been compromised.

About BianLian Group

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses, governmental organizations, healthcare facilities, and educational institutions globally. Initially functioning as a banking trojan, BianLian transitioned into advanced ransomware operations, emphasizing extortion-based strategies. The group gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim.

Penetration Tactics

BianLian employs various tools for discovery, lateral movement, collection, exfiltration, and impact. The group has shifted from a double extortion model to primarily exfiltration-based extortion, threatening victims with financial, business, and legal consequences if payment is not made. This shift underscores the evolving threat landscape posed by ransomware groups like BianLian.
