August 17, 2023

Has a leading UK jeweller fallen victim to ransomware gang BianLian?

The group claims to have stolen gigabytes of data from a leading jewellery chain, and has given it "weeks" to pay the ransom.

By Claudia Glover

Ransomware group BianLian claims to have carried out a cyberattack on a UK-based jeweller with an annual revenue of over $100m. Although the gang has not named the company concerned, it says it has stolen 600Gb of data from its systems, including network user folders and files from the software it uses.

An unnamed UK jeweller has been posted to the blog of the BianLian ransomware gang. (Photo by grafvision/Shutterstock)

According to the post, the company has been given “weeks” before the data will be made available. “Contact us if you want to get it or if you want to protect it,” it says.

Is BianLian’s latest victim a UK company?

Though it does not name the company involved, BianLian says its victim has over 100 stores in the UK and an annual revenue of over $100m.

According to a teaser of the name at the top of the document, the name of the impacted company is * *i***. High street jeweller F Hinds has over 115 stores in the UK and reported just over $98m in revenue last year. Tech Monitor has contacted the company to find out if it has suffered a cyberattack.

The cybercriminal group claims to have lifted a list of files from the company, which it believes are valuable enough to catch the company's attention. Among these files are network user folders, file server data, company software and vendor and supplier information.

The gang has said that the data will be posted within a matter of weeks if the company does not get in contact. 


BianLian ransomware gang gets busy

This week BianLian has also posted a telecommunications services company in “the Asia region”, with a revenue of over $500m, alongside claims of a data leak of 1.2 terabytes of information.

Earlier this year the US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory concerning BianLian, calling it a “ransomware developer, destroyer and data extortion cybercriminal group that has targeted organisations in multiple US critical infrastructure sectors since June 2022.”

Allan Liska, head of the cybersecurity incident response team at security vendor Recorded Future, believes there could be a link between the groups BianLian and Pysa, as they appear to have similar attack patterns with matching posts. Pysa, also known as Mespinoza, targets victims in the UK and US, according to a warning by the FBI. “I have only seen a couple of people make the connection between Pysa ransomware and BianLian, but looking at victims published to their data leak sites, the contrast is pretty stark,” he said.

BianLian changed its tactics at the beginning of this year, CISA warned, moving from the double extortion model, in which a cybercriminal steals sensitive data to blackmail a company before encrypting its files to hold its business hostage, to solely exfiltrating sensitive data.

Hüseyin Can Yuceel, a security researcher at Picus Security, told Tech Monitor earlier this year that BianLian is not the only ransomware gang engaged in encryption-less ransomware. “We observed a significant rise in encryption-less extortion attacks that only rely on the exfiltration of sensitive data,” he said. “Although these attacks do not leverage the power of cryptographic encryption algorithms, they still pose significant risks to organisations.”

He added: “In encryption-less extortion attacks, threat actors steal their victims’ confidential data and threaten to disclose stolen data unless the demanded ransom is paid.”
