Ransomware Attack on Payne & Jones by BianLian Ransomware Group
Victim Overview
Payne & Jones, a law firm with a revenue of $7.2 million, specializes in providing legal services in areas such as business law, real estate law, estate planning, and civil litigation. The firm is based in the United States, primarily serving the Greater Kansas City Area. Payne & Jones, Chartered, has a long history dating back to 1926 and is known for its tradition of excellence and strong reputation in the Kansas City area.
Company Profile
Payne & Jones, Chartered is a law firm that provides legal services in various areas, including business, estate, family, and litigation. The firm has a diverse practice group that represents businesses across various industries and has handled business matters all over the country.
Standout Features
Payne & Jones, Chartered stands out in the industry due to its diverse practice group that caters to businesses in various sectors. The firm's tradition of excellence and strong reputation in the Kansas City area make it a trusted legal partner for many clients.
Company Vulnerabilities
As a law firm handling sensitive legal information, Payne & Jones is vulnerable to cyber threats, especially ransomware attacks. The firm's extensive data, including finance records, HR information, legal documents, and clients' personally identifiable information, makes it an attractive target for threat actors who steal sensitive data and use it to extort victims for financial gain.
Attack Details
The BianLian ransomware group targeted Payne & Jones in a recent attack, exfiltrating 1.65 TB of critical data from the firm's systems. The compromised data includes finance records, HR information, legal documents, clients' personally identifiable information, and extensive email correspondence. This breach poses significant financial and reputational risks to the firm.
Ransomware Group Overview
BianLian is a sophisticated ransomware group known for targeting businesses, governmental organizations, healthcare facilities, and educational institutions globally. The group has evolved from a banking trojan to advanced ransomware operations, emphasizing extortion-based strategies and exfiltration of sensitive data to threaten victims into making payments.
Penetration Tactics
BianLian gains initial access through compromised Remote Desktop Protocol (RDP) credentials, then implants custom backdoors specific to each victim and uses various tools for discovery, lateral movement, and data exfiltration. The group's tactics include defense evasion using PowerShell and Windows Command Shell, which makes its activity difficult to detect and mitigate.