The BianLian Ransomware gang has taken responsibility for an alleged cyber attack on the Piramal Group, a prominent Indian business conglomerate. The cyber attack was reported by the ThreatMon Threat Intelligence team on June 28, 2023, and has been confirmed by Falcon Feeds, a threat intelligence service.
The Piramal Group operates in various sectors such as pharmaceuticals, healthcare, and financial services, and is known for its significant contributions to these industries on a global scale. However, the group has not yet released an official statement regarding the cyber attack.
The Cyber Express, a reputable news outlet, has reached out to the Piramal Group’s Corporate Communications and Investor Relations & Sustainability teams to obtain an official confirmation of the attack by the BianLian ransomware gang. As of now, they have not received a reply.
The BianLian ransomware gang, known for its extensive list of victims, has claimed responsibility for the cyber attack on the Piramal Group. However, the gang’s leak site post does not specify which division of the Piramal Group was targeted in the attack. The threat actor behind the attack claims to have gained access to a vast amount of data, including financial information, accounting information of other companies, project data, technical details, and personal information.
The Piramal Group encompasses several key divisions, including Pharmaceuticals, Financial Services, Real Estate, and Philanthropy. The pharmaceutical division focuses on the development and manufacturing of innovative medicines and healthcare products, while the financial services division offers a wide range of financial solutions. The group’s real estate division is involved in the development of residential, commercial, and mixed-use properties, and the philanthropic arm, the Piramal Foundation, works towards making a positive and sustainable impact on society.
The BianLian ransomware gang has been active since at least 2019 and is known for employing multiple tactics to gain access to victims’ networks, including phishing emails, exploit kits, and remote desktop protocol (RDP) brute-force attacks. The gang has recently shifted its focus to exfiltrating data and threatening to release it unless a ransom is paid. They have been observed using various techniques throughout their attack lifecycle, such as implanting custom backdoors, installing remote management and access software, and disabling antivirus tools to evade detection.
In the case of the Piramal Group cyber attack, the group has encrypted the victim’s files with a distinct “.bianlian” extension and left a ransom note in each affected directory. If the victim refuses to pay the ransom, the BianLian gang threatens to publish the exfiltrated data on a leak site maintained on the Tor network.
The activities of the BianLian ransomware gang have caught the attention of international cybersecurity organizations. In May, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Cyber Security Centre (ACSC) issued a joint cybersecurity advisory highlighting the activities of the gang. The advisory warned organizations to be vigilant and take necessary precautions to protect their networks and data.
As the Piramal Group continues to navigate the aftermath of the cyber attack, it is crucial for businesses across industries to prioritize cybersecurity measures to prevent falling victim to similar attacks. The threat landscape is constantly evolving, and organizations must stay proactive in their efforts to safeguard their digital assets and sensitive information.