Ransomware Attack on Wind Composite Services Group, LLC by BianLian
Victim Overview
Wind Composite Services Group, LLC (WindCom) is a leading provider of wind blade services in North America. With 153 employees and a revenue of $31.3 million, WindCom specializes in wind turbine maintenance and repair services. The company stands out in the industry due to its technical competence, global presence, and extensive database of blade data.
Attack Overview
WindCom has fallen victim to a ransomware attack by the BianLian ransomware group. The attackers managed to exfiltrate 412 GB of sensitive data from WindCom's systems. The stolen data includes finance records, HR information, business data, engineering documents, incident reports, and email correspondence, posing a significant threat to the company's operations and security.
Ransomware Group: BianLian
BianLian is a sophisticated ransomware group known for targeting businesses, governmental organizations, healthcare facilities, and educational institutions globally. The group has evolved from a banking trojan to advanced ransomware operations, emphasizing extortion-based strategies. BianLian distinguishes itself through its exfiltration-based extortion tactics and global reach, with a focus on sectors like healthcare, manufacturing, and legal services.
Penetration and Vulnerabilities
BianLian likely gained access to WindCom's systems through compromised Remote Desktop Protocol (RDP) credentials, then implanted a custom backdoor (the group builds one for each victim) and used PowerShell and Windows Command Shell for defense evasion. WindCom's extensive database of blade data and sensitive business information made it an attractive target for threat actors seeking financial gain through data exfiltration and extortion.