BianLian cyber gang drops encryption-based ransomware
The Australian Cyber Security Centre (ACSC) and the United States' Cybersecurity and Infrastructure Security Agency (CISA) have released updated intelligence on the activities of the BianLian ransomware operation. The gang has been observed rapidly evolving its tactics, techniques, and procedures (TTPs).
BianLian, along with LockBit, gained prominence in 2022 following the decline of the Conti crew. Despite its Chinese name, BianLian is believed to be based in Russia. The gang has targeted critical national infrastructure (CNI) operators in Australia, the US, and the UK.
Initially, BianLian used the double extortion model, encrypting victims' systems and threatening to leak their data if a ransom was not paid. However, in 2023, the gang shifted to exfiltration-based extortion, leaving systems intact and unencrypted while warning of consequences if payment was not made. Since January 2024, BianLian has exclusively used this method.
The ACSC, FBI, and CISA urge organizations to implement recommended mitigations to reduce the risk of ransomware attacks like BianLian.
New techniques
BianLian has abandoned its traditional ransomware locker in favour of data exfiltration and updated its ransom note accordingly. The gang now applies high-pressure tactics, such as sending ransom notes to office printers and making threatening phone calls to employees.
Other updated techniques include targeting public-facing applications, using the ProxyShell exploit chain, implanting custom backdoors, exploiting vulnerabilities like CVE-2022-37969, and evading detection tools by renaming binaries and packing executables using UPX.
To escalate privileges and move laterally, BianLian leverages tools and protocols such as PsExec, RDP and SMB, plants webshells on Exchange servers, and creates Azure AD accounts.
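The evasion technique mentioned above, renaming binaries and packing them with UPX, leaves a few inexpensive artefacts a defender can look for. The following is an added example written for this article, not code from the advisory or from any vendor: a small PE section-table parser that flags the default section names a stock UPX build writes (UPX0, UPX1) and the literal UPX! marker, and a constructed PE-like blob used as test input. Both indicators are well known and easily patched out of a sample, so treat a hit as a triage lead rather than a verdict, and a miss as no evidence either way.

```python
import struct

# Section names and marker string written by stock UPX builds. A renamed copy of
# the executable keeps these unless the section table itself is patched.
UPX_SECTION_PREFIXES = (b"UPX", b".UPX")
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if the blob is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # start of the COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt             # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # each IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                            # truncated table: stop rather than misread
        raw = data[off:off + 8].rstrip(b"\0")
        names.append(raw.decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> list:
    """List the UPX artefacts found in a PE blob: section names and the UPX! marker."""
    hits = []
    for name in pe_section_names(data):
        if name.encode("ascii", "replace").startswith(UPX_SECTION_PREFIXES):
            hits.append("section:" + name)
    if UPX_MAGIC in data:
        hits.append("marker:UPX!")
    return hits


def build_fake_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE-shaped blob for this demo (DOS header, PE signature,
    COFF header, zeroed PE32 optional header, section table). Not a loadable image."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0                          # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    opt = b"\0" * size_opt
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + table + trailer


def triage(samples: dict) -> dict:
    """Map each sample name to its UPX indicators; empty list means nothing found."""
    return {name: upx_indicators(blob) for name, blob in samples.items()}


# Constructed samples: a packed binary given an innocuous name, and an unpacked one.
SAMPLES = {
    "svchost_update.exe": build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=b"\0UPX!\0"),
    "notepad.exe": build_fake_pe([b".text", b".rdata", b".data", b".rsrc"]),
    "not_a_pe.txt": b"plain text, no MZ header",
}

if __name__ == "__main__":
    for name, hits in triage(SAMPLES).items():
        print(f"{name}: {', '.join(hits) if hits else 'no UPX indicators'}")
```

Parsing the section table yourself, rather than grepping for the string, lets the same function feed a larger check: an EDR or sandbox pipeline can pair these indicators with the file's original name from its version resource to catch the renaming half of the technique as well.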
Know your enemy
Andrew Costis, engineering manager of the Adversary Research Team at AttackIQ, emphasizes the importance of understanding and testing against specific TTPs used by groups like BianLian. The shift to exfiltration-based extortion could be a strategic move by the operators, potentially aiming to target more victims efficiently.
Costis notes that the change in tactics suggests a de-prioritization of encryption and double extortion, indicating a shift in values within the ransomware landscape. It remains to be seen if other groups will follow suit.