The BianLian ransomware group has shifted its focus from encrypting its victims' files to only exfiltrating data found on compromised networks and using it for extortion.
This operational development in BianLian was reported by cybersecurity company Redacted, which has seen signs of the threat group attempting to hone its extortion skills and increase the pressure on victims.
BianLian is a ransomware operation that first appeared in the wild in July 2022, successfully breaching multiple high-profile organizations.
In January 2023, Avast released a free decryptor to help victims recover files encrypted by the ransomware.
Recent BianLian attacks
Redacted reports that BianLian operators have kept their initial access and lateral movement techniques the same and continue to deploy a custom Go-based backdoor, now in a slightly improved version, that gives them remote access to the compromised device.
The threat actors post their victims in masked form on their extortion site as quickly as 48 hours after the breach, giving the victims roughly ten days to pay the ransom.
As of March 13, 2023, BianLian has listed a total of 118 victim organizations on their extortion portal, with the vast majority (71%) being U.S.-based companies.
BianLian ransomware gang shifts focus to pure data extortion
www.bleepingcomputer.com