The notorious BianLian ransomware group has expanded its list of victims, adding the name of Air Sino-Euro Associates (ASA Holidays). The alleged ASA Holidays cyberattack has exposed a humungous amount of the company’s data, risking the privacy and security of its employees and clients.
Although no official confirmation of the alleged cyberattack on ASA Holidays has been published by the company, the ransomware group BianLian has boldly claimed to have extracted a huge amount of sensitive data.
The Cyber Express team, while researching the alleged attack, checked out the website for any form of disruptions or malfunctioning. However, the website seems to be operational at the moment and doesn’t show any sign of the attack.
We have also reached out to ASA Holidays for an official confirmation of the details of the alleged cyberattack. Still, an official comment wasn’t available at the time of writing this report.
Decoding ASA Holidays Cyberattack Claims
According to the screenshot of a dark web post by the BianLian ransomware group’s leak portal, published on X, the BianLian ransomware group-led alleged cyberattack on ASA Holidays has possibly exposed around 736 GB of the company’s data. This has led to a data leak risk for a massive travel agency worth millions.
The data stolen by the BianLian Ransomware group in the alleged ASA Holidays cyberattack contains the company’s finance-related data, human resource details, and clients’ and partners’ business information. The alleged cyberattack has also exposed the company’s private personal data, internal and external correspondence, and SQL databases.
As per the updates at the time of writing this report, the data of ASA Holidays has not been published and no specific deadline of ransom amount has been assigned for publishing the data extracted from the alleged cyberattack.
Who is the BianLian Ransomware Group?
US cyber defense agency CISA has been closely following the BianLian ransomware group and has published an advisory report on the same. Since June 2022, companies in several crucial infrastructure sectors in the United States have been the target of BianLian, a cybercriminal outfit that develops, deploys, and demands data using ransomware.
They have also targeted essential infrastructure industries in Australia. The group accesses target systems using legitimate Remote Desktop Protocol (RDP) credentials. For credential harvesting and discovery, it employs command-line scripting and open-source tools. Finally, it uses File Transfer Protocol (FTP), Rclone, or Mega to exfiltrate victim data.
Actors from the BianLian group then threatened to release data to extract money. Before switching to mainly exfiltration-based extortion around January 2023, the BianLian group used a double-extortion methodology in which they first encrypted the victims’ systems after exfiltrating the data.
Impact of the Cyberattack on ASA Holidays
The alleged ASA Holidays cyberattack, if proven true can have serious consequences across multiple aspects of its business operations.
Firstly, the compromise of sensitive customer information, such as personal data and payment details, could lead to a damaging data breach. Beyond eroding customer trust, this may result in legal repercussions and financial losses for both affected individuals and the company.
Secondly, the operational disruption caused by the cyberattack might impact essential services, such as online booking systems and communication channels. This downtime could lead to substantial financial losses and adversely impact the company’s reputation, especially if customers experience difficulties in utilizing ASA Holidays’ services.
Thirdly, in addition to the immediate impacts, the financial toll could extend to theft of company funds, payment related fraud, and the expenses associated with recovering from the attack.
Lastly, the reputational damage stemming from negative publicity and social media backlash could further exacerbate the company’s woes. Legal and regulatory repercussions may also arise due to violations of data protection laws, potentially leading to penalties and legal actions.
Moreover, the indirect effects on the supply chain, such as disruptions to third-party vendors providing critical services, and increased insurance costs further compound the multifaceted challenges that the company would face in the aftermath of the cyberattack on ASA Holidays.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
