BianLian cyber gang drops encryption for exfiltration-based extortion
The Australian Cyber Security Centre (ACSC) and the United States' Cybersecurity and Infrastructure Security Agency (CISA) have released updated intelligence on the activities of the dangerous BianLian ransomware operation. The gang has been observed rapidly evolving its tactics, techniques, and procedures (TTPs).
BianLian, along with LockBit, gained prominence in 2022 following the decline of the Conti crew. Despite its Chinese name, BianLian is believed to be based in Russia. The gang has targeted critical national infrastructure (CNI) operators in Australia, the US, and the UK.
Initially, BianLian used the double extortion model, encrypting victims' systems and threatening to leak their data if a ransom was not paid. However, in 2023, the gang shifted to exfiltration-based extortion, leaving systems intact and warning of consequences if payment was not made. Since January 2024, BianLian has exclusively used this method.
The ACSC, FBI, and CISA urge organizations to implement recommended mitigations to reduce the risk of ransomware attacks like BianLian.
New techniques
BianLian has abandoned the traditional ransomware locker in favour of exfiltration-based extortion and updated its ransom note accordingly. The gang now applies high-pressure tactics, such as sending ransom notes to office printers and making threatening phone calls to employees.
Other updated techniques include targeting public-facing applications, using the ProxyShell exploit chain, implanting custom backdoors, exploiting vulnerabilities like CVE-2022-37969, and evading detection tools by renaming binaries and packing executables using UPX.
To escalate privileges, BianLian leverages tools and protocols such as PsExec, RDP and SMB, plants webshells on Exchange servers, and creates Azure AD accounts.
Know your enemy
Andrew Costis, engineering manager of the Adversary Research Team at AttackIQ, emphasizes the importance of understanding and testing against specific TTPs used by groups like BianLian. The shift to exfiltration-based extortion could be a strategic move by the operators, potentially aiming to target more victims efficiently.
Costis notes that the change in tactics suggests a de-prioritization of encryption and double extortion, indicating a shift in values within the ransomware landscape. It remains to be seen if other groups will follow suit.