BianLian Ransomware Strikes Lindsay Municipal Hospital: Another US Institution Under Attack

March 11, 2024 – Published on The Cyber Express

The Lindsay Municipal Hospital cyberattack has been claimed by the BianLian ransomware group. This nefarious organization, known for its disruptive tactics, allegedly breached the security measures of the hospital’s system, adding another institution to its list of targets within the United States.

Accompanying their hospital cyberattack claims were brief insights into the Lindsay Municipal Hospital’s profile and its history of service to the Lindsay community and its surrounding areas.

The hospital, boasting a 26-bed acute care facility, also housed a Level IV emergency department, a full-service laboratory, and a radiology department offering essential services such as x-rays, ultrasounds, and CT scans.

BianLian, a ransomware group, has been targeting critical infrastructure sectors in the U.S. and Australia since June 2022. They exploit RDP credentials, use open-source tools for discovery, and extort data via FTP or Rclone. FBI, CISA, and ACSC advise implementing mitigation strategies to prevent ransomware attacks.

Moreover, a detailed analysis by GuidePoint Security’s GRIT team sheds light on BianLian’s modus operandi. According to the report by Drew Schmitt, BianLian’s PowerShell backdoor, is linked to TeamCity vulnerabilities, providing insights into their tactics. The analysis reveals BianLian’s use of a novel PowerShell backdoor, its exploitation of TeamCity flaws, and attribution methods.

Read More HERE.