This cybercrime gang will now stop at nothing to extort money using your private data

BianLian ransomware group is ditching its encryptor


A ransomware group known as BianLian has decided to part ways with its encryptor and focus solely on data theft and extortion instead, experts are reporting.

In a new report, cybersecurity researchers at Redacted said they spotted BianLian attempting to extort businesses for money - without encrypting their endpoints first.

The researchers are now speculating as to what motivated BianLian to change course, with two scenarios emerging as the most likely ones.

Decryptor released


“The group promises that after they are paid, they will not leak the stolen data or otherwise disclose the fact the victim organization has suffered a breach. BianLian offers these assurances based on the fact that their “business” depends on their reputation,” Redacted said in its analysis.

“In several instances, BianLian made reference to legal and regulatory issues a victim would face were it to become public that the organization had suffered a breach. The group has also gone so far as to include specific references to the subsections of several laws and statutes.”

The researchers have also found that the laws and statutes BianLian refers to are often localized, and very relevant to the victim. That made them conclude that the group is looking to improve its negotiation skills in order to extort as much money as possible.

When trying to explain why the group decided to ditch the encryptor, two possible explanations came up. The first one is that the group realized that infecting the endpoints with ransomware and running the entire operation is too time-consuming, too costly and, at the end of the day - redundant. With the right extortion skills, stealing data is enough for a successful attack.


The second one is that the group hasn’t adapted properly since Avast released a free decryptor in January this year. When that happened, the threat actor explained that the decryptor wasn’t that disruptive as it only worked on older versions of the ransomware, and would actually corrupt files encrypted by the newer versions.

As of a week ago, BleepingComputer reports, BianLian has almost 120 victims on its extortion portal. The majority (71%) are US-based.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
