BianLian Ransomware Hits Basel-Stadt Education

Over a Terabyte of Sensitive Data Exposed On Darknet

On May 9, 2023, the Department of Education of the Canton of Basel-Stadt fell victim to a massive cyberattack orchestrated by the notorious BianLian ransomware group. The cybercriminals successfully infiltrated the department’s systems and exfiltrated a shocking 1.2 terabytes of sensitive data. According to the cybercriminals, the data includes human resources, finance, accounting, and financial records, as well as personal information of students and employees.

BianLian ransomware darknet blog

A Brief Overview of BianLian Ransomware

BianLian emerged in 2019 as a strain of malware focusing on Android devices, initially operating as a banking trojan. Later on, BianLian appeared as ransomware and was first detected in the wild in July 2022. The ransomware now targets a wide range of organizations and industries, including healthcare, finance, and government sectors.

Some of the most notable victims of BianLian ransomware include: Läderach, Baer’s, NewYorker, IDEXX, Meriton, ISGEC Heavy Engineering, Aarti Drugs Ltd, St. Rose Hospital and others.

BianLian ransomware typically infiltrates its victims’ systems through phishing emails, malicious attachments, or compromised websites. Once inside, the malware encrypts the victim’s files, rendering them inaccessible. In January 2023, Avast released a free decryptor to help victims recover files encrypted by the ransomware. BianLian has shifted its tactics and now attempts to monetize its breaches without encrypting the victim’s files. Instead, it relies solely on threatening to leak the stolen data.

The Department of Education of the Canton of Basel-Stadt: A High-Profile Victim

The Department of Education of the Canton of Basel-Stadt is the largest of the seven departments in the canton, employing approximately 7,000 people in over 200 professions. With an annual budget of around one billion Swiss francs, the department oversees the administration and operation of primary, secondary, and tertiary education institutions, as well as vocational training and adult education programs.

As the breach’s scale became apparent, the department’s officials scrambled to contain the damage and assess the extent of the compromised data. As a result of the attack, several high-ranking officials had their contact information exposed on the attackers’ dark web site. For instance, Head of Universities Simon Aeberhard’s business phone number and email address were listed, while Head of Elementary Schools Urs Bucher had both his business and personal email addresses compromised. Similarly, Security Incident Manager Florian Schnettelker’s business email and phone number were also exposed.

Given the sensitive nature of the stolen data, the incident raises concerns and highlights the growing threat posed by ransomware to public institutions worldwide.

The Aftermath: Assessing the Damage and Addressing Security Concerns

The astonishing 1.2 TB of data belonging to the Department of Education is now online and practically open to anyone for download. With the stolen data readily available on the dark web, the affected individuals are at risk of identity theft, fraud, and other forms of cybercrime.

In the case of the Department of Education of the Canton of Basel-Stadt, the attack has undoubtedly caused significant disruption and distress for the affected students, employees, and their families. As the department works to restore its systems, it must also prioritize the implementation of stronger security measures to prevent future breaches. This includes, for instance, employee training on phishing scams and other common attack vectors, regular audits of the department’s systems, and the implementation of multi-factor authentication and other security protocols.

The BianLian ransomware attack on the Department of Education of the Canton of Basel-Stadt serves as a wake-up call for all organizations, highlighting the importance of proactive cybersecurity measures and the need for constant vigilance in a world where cyber threats continue to evolve. Here at Kaduu, we believe that by learning from this incident and investing in robust security practices, organizations can better protect their systems, data, and, most importantly, the people they serve.
