Ransomware Attack on Critchfield and Johnston by BianLian

Victim Overview

Critchfield and Johnston, a law firm based in Akron, Ohio, specializing in business law, real estate, and litigation, recently fell victim to a ransomware attack by the sophisticated group BianLian. The firm, operating since 1950, boasts a team of experienced attorneys providing legal services to clients in Ohio and surrounding states. With a revenue of $9.8 million, Critchfield and Johnston is considered a standout in the legal industry for its expertise in business law and real estate transactions.

Attack Details

The cyberattack compromised 4.7 TB of sensitive data, including financial records, HR data, incidents and case files, court and litigation data, exhibits, personal identifiable information (PII), personal health information (PHI), internal and external email correspondence, and various databases. Data from the Heartland Title Agency's corporate network was also affected, posing serious risks to the firm's clients and internal operations.

Ransomware Group BianLian

BianLian is a sophisticated ransomware group that has evolved from targeting individual users to launching high-profile attacks on businesses globally. The group focuses on sectors with sensitive data and financial capacity, including legal services, among others. BianLian gained initial access through compromised Remote Desktop Protocol (RDP) credentials, implanting custom backdoors specific to each victim, and employing various tools for discovery, lateral movement, and exfiltration.

Sources:

• CISA - Cybersecurity Advisories
• IC3 - Media News
• Palo Alto Networks - Threat Assessment