The notorious BianLian ransomware group has once again wreaked havoc, adding four more victims to their dark web portal. Among the targeted organizations are Griffing & Company, P.CDow Golub Remels & Gilbreath, International Biomedical, and Jebsen Group. 
The BianLian ransomware attack was accompanied by a message on their dark web channel, hinting at a surge in demand for their nefarious services.
Despite the BianLian ransomware attack claims, the website for all the alleged victims seems to be operational at the moment and doesn’t show any immediate signs of the cyberattack. 
Interestingly, these alleged victims don’t share anything particular between them, which further drifts the group’s attention and motivation for this BianLian ransomware attack spree.
BianLian Ransomware Attack: 4 New Victims Added 
Source: Twitter
With their attack pattern, the BianLian ransomware group seems to be targeting organizations without any proper agenda or internal motivations. These four alleged victims fall into that category because they belong to different regions. 
The first victim, Jebsen Group, operates in marketing, investment, and distribution. Headquartered in Hong Kong, it has a presence in Mainland China and Macau, with four distinct business lines.
International Biomedical Ltd, the second victim, has been catering to the global healthcare market for over 35 years, offering innovative solutions for newborns, the critically ill, and their families.
Griffing & Company, P.C., the third victim, is a Public Accounting and Consulting Firm established in 1987. They provide a comprehensive range of services, including accounting setups, tax planning, audits, and litigation support. 
The final victim, Dow Golub Remels & Gilbreath, is a reputable law firm based in Houston, Texas. They specialize in various types of civil litigation, appeals, employment law, and real estate transactions. Their partners are experts in Commercial Real Estate Law, Labor and Employment Law, and Civil Trial Law. 
BianLian Ransomware Group’s Modus Operandi
The Cyber Express has been in contact with the affected organizations in the wake of this BianLian ransomware attack. As of now, no official statements or responses have been issued, leaving the claims surrounding this attack unverified.
According to the Cybersecurity and Infrastructure Security Agency (CISA), BianLian is a cybercriminal group with a grim track record. Since June 2022, they have been targeting organizations across various critical infrastructure sectors in the U.S.
They have also set their sights on Australian critical infrastructure sectors, as well as professional services and property development. The group’s entry into victim systems is facilitated through valid Remote Desktop Protocol (RDP) credentials.
They employ open-source tools and command-line scripting for discovery and credential harvesting, culminating in the exfiltration of victim data through File Transfer Protocol (FTP), Rclone, or Mega.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.