Republic Shipping Consolidators, a prominent logistics company, finds itself entangled in the web of a cyberattack orchestrated by the notorious BianLian ransomware group. The group has claimed the Republic Shipping Consolidators cyberattack on its dark web channel and brazenly added it to its data leak site, exposing a staggering 117 GB of sensitive information.
The compromised data spans a wide spectrum, including accounting records, budget details, financial data, email and message archives, files extracted from employee PCs, operational and business-related documents, personal information, and technical data.
The severity of this Republic Shipping Consolidators data breach raises concerns not only for the company but also for the individuals and entities associated with the compromised data.
Republic Shipping Consolidators Cyberattack Decoded
The group’s message on the data leak site outlines the extent of their infiltration, emphasizing the financial details with a reported revenue of US$5 million.
The Cyber Express sought a response from Republic Shipping Consolidators regarding this alleged cyberattack, but as of now, no official statement has been issued, leaving the Republic Shipping Consolidators data breach claims unverified.
Interestingly, despite the reported cyberattack, the website for Republic Shipping Consolidators remains operational without immediate signs of compromise. This suggests that the hackers might have targeted the backend of the website, potentially gaining unauthorized access to databases, rather than attacking the front end.
BianLian ransomware group, known for its malicious activities since June 2022, operates as a developer, deployer, and data extortion cybercriminal group. Their targets extend beyond U.S. critical infrastructure sectors to include Australian critical infrastructure, professional services, and property development.
The BianLian Ransomware Group Modus Operandi
The modus operandi of the BianLian group involves gaining access to victim systems through valid Remote Desktop Protocol (RDP) credentials. They employ open-source tools and command-line scripting for discovery and credential harvesting, followed by the exfiltration of victim data through various means, such as File Transfer Protocol (FTP), Rclone, or Mega.
Notably, the group shifted from a double-extortion model to primarily exfiltration-based extortion around January 2023. In the event of a victim refusing to pay the ransom, the BianLian ransomware group resorts to threatening the release of exfiltrated data on a Tor network-based leak site.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) jointly encourage critical infrastructure organizations and small- to medium-sized enterprises to implement recommended mitigations to reduce the likelihood and impact of BianLian and other ransomware incidents.
BianLian group’s tactics include issuing a unique Tox ID for each victim organization and pressuring victims through various means, such as printing ransom notes to compromised network printers and making threatening telephone calls to employees associated with victim companies.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.