Ransomware Attack on Thompson Davis & Co. by BianLian Group: Key Insights
Thompson Davis & Co., an asset management firm based in Richmond, Virginia, has recently fallen victim to a ransomware attack orchestrated by the notorious BianLian group. This incident underscores the increasing threat posed by ransomware groups targeting financial institutions.
About Thompson Davis & Co.
Established in 2002, Thompson Davis & Co. specializes in providing tailored financial solutions to individuals, families, and businesses. The firm offers a comprehensive suite of services, including wealth management, financial planning, and institutional equity research. With a boutique model, the company emphasizes personalized service, maintaining direct communication with clients to ensure their financial goals are met. Employing between 11 and 50 people, Thompson Davis & Co. prides itself on its commitment to integrity and ethical standards.
Attack Overview
The BianLian group successfully infiltrated Thompson Davis & Co.'s systems, encrypting critical data and demanding a ransom for its release. The attack was publicly claimed by BianLian on the group's dark web leak site, exposing gaps in the firm's cybersecurity defenses. The exact method of initial access remains unclear, but compromised Remote Desktop Protocol (RDP) credentials or phishing are the most likely vectors.
About the BianLian Group
BianLian is a sophisticated ransomware group known for its evolution from a banking trojan to advanced ransomware operations. The group employs extortion-based strategies, often threatening victims with financial, business, and legal consequences if the ransom is not paid. BianLian has a global reach, with a significant focus on North America and Europe, particularly targeting sectors with sensitive data and financial capacity.
Penetration Tactics
BianLian distinguishes itself through its use of custom backdoors, PowerShell, and the Windows Command Shell for defense evasion. The group employs a range of tools for discovery, lateral movement, collection, exfiltration, and impact. In the case of Thompson Davis & Co., the attackers likely exploited weaknesses in the firm's cybersecurity infrastructure, such as weak RDP credentials or insufficient email security controls, to gain access to its systems.
Implications for Thompson Davis & Co.
This ransomware attack has significant implications for Thompson Davis & Co., potentially affecting its reputation, financial stability, and client trust. The firm must now navigate the complexities of data recovery and possible ransom negotiations while reinforcing its cybersecurity measures to prevent future incidents.