BianLian ransomware gang shifts focus to pure data extortion


The BianLian ransomware group has shifted its focus from encrypting its victims' files to only exfiltrating data found on compromised networks and using them for extortion.

This operational development in BianLian was reported by cybersecurity company Redacted, who have seen signs of the threat group attempting to craft their extortion skills and increase the pressure on the victims.

BianLian is a ransomware operation that first appeared in the wild in July 2022, successfully breaching multiple high-profile organizations.

In January 2023, Avast released a free decryptor to help victims recover files encrypted by the ransomware.

Recent BianLian attacks

Redacted reports that BianLian operators have kept their initial access and lateral movement techniques the same and continue to deploy a custom Go-based backdoor that gives them remote access on the compromised device, albeit a slightly improved version of it.

The threat actors post their victims in masked form as quickly as 48 hours after the breach on their extortion site, giving them roughly ten days to pay the ransom.

As of March 13, 2023, BianLian has listed a total of 118 victim organizations on their extortion portal, with the vast majority (71%) being U.S.-based companies.

