As ransomware continues to be a major problem for organizations and victims alike, one group of cybercriminals is changing its tactics. The BianLian group is shifting from encrypting files and demanding a ransom to a model of pure extortion.
BianLian's Shift Away from Ransomware: Avast's Free Decryptor Tool and Go Language Mastery
According to a story by The Register, BianLian, founded in July of 2022, has already successfully compromised 118 victims, most of whom are in the US. The impetus for the shift away from ransomware appears to have been the release of a free decryptor tool for victims of BianLian, created by cybersecurity firm Avast.
This tool was partly made possible thanks to BianLian's use of the relatively new programming language Go, which enables its code to evade detection and adapt to recent security measures.
Increasing Incentive to Pay Demands by Masking Data and Referencing Legal Issues
Since the release of the decryptor, victims of BianLian have noticed a clear change in approach. The gang is taking steps to prove the veracity of its data supply by masking details and posting victims' data to its leak site within 48 hours of the compromise.
Furthermore, they are doing their research by referencing legal and regulatory issues relating to a potential data breach in the messages they send to victims. The purpose is to increase the pressure and incentive for victims to pay all demands in return for the group's silence rather than secure data release.
BianLian's Evolving Tactics: Establishing Simultaneous Leak Sites and C2 Servers
This shift in tactics has solved the gang's key issue: being able to run the business side of the campaign successfully. With reliable leak sites and the speed with which the data is posted, this dangerous group is only likely to become more and more successful.
Meanwhile, BianLian is continuing its initial attack methods and C2 server deployment - with over 30 new servers being established monthly. This shows that as security measures increase and evolve, so do threat actors' tactics.
Uncovering the True Identity of BianLian: A Necessary Step in Security
Regarding who's behind this group, developers at Redacted seem to have a working theory, though they're not yet ready to reveal who these criminals are. Until this and other security issues can be better addressed, organizations must stay vigilant and continue the fight against cybercriminals.
Awareness of the newest tactics used by groups like BianLian is essential to keeping assets, networks, and personnel safe. A BlackBerry blog also mentioned the risks and impact of the ransomware.
The Shift from Ransomware to Extortion of the BianLian Gang
Clearly, the BianLian gang is a nefarious organization adept at bypassing security measures and executing malicious activities quickly. The threat actors have shifted tactics to maximize their profits, relying on direct extortion instead of encrypting files and demanding ransom.
Organizations must remain vigilant and proactive regarding cybersecurity, from using strong encryption to having frequent backups in case of an attack. While there are lucrative rewards for criminals, the costs to victims can be insurmountable.