Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label BianLian. Show all posts

A New Ransomware Gang BianLian on a Sudden Rise



BianLian has 20 victims 

A new ransomware gang working under the name BianLian surfaced last year and is actively on the rise since then. The group already has a record of twenty victims across various industries (engineering, medicine, insurance, and law). Most of the victim organizations are based in Australia, the UK, and North America.

Cybersecurity firm Redacted published a report regarding the incident, it hasn't attributed the attack to anyone but believes the threat actor "represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business." 

Redacted firm finds the group 

Unfortunately, the Redacted team of experts has found proof that BianLian is now trying to advance its tactics. In August, the experts noticed that a troubling expansion in the rate by which BianLian was bringing new [CBC] servers online. 

"The BianLian group has developed a custom tool set consisting of a backdoor and an encryptor, developing both using the Go programming language," says the report.

The experts currently lack the insight to know the reason for the sudden increase in growth, it may hint that the hacking group is ready to increase its operational tempo, though whatever may be the reason, there isn't much good that comes from a ransomware operator that has resources readily available to him. 

How does BianLian work?

To get initial access into the victim's network, BianLian generally attacks the SonicWall VPN devices, servers that offer remote network access through solutions like Remote Desktop, ProxyShell vulnerability chain 

Once exploited, they deploy either a webshell or a lightweight remote access solution like ngrok as the follow-on payload. Once inside the victim network, BianLian takes upto six weeks to initiate the encryption process. 

As BianLian in the beginning spreads throughout the network, looking for the most important information to steal and find out the most important machines to encrypt, it appears to take steps to reduce observable incidents, via living of the land (LOL) methods to move horizontally. 

In the past, BianLian has occasionally posted teaser information on victim organizations, leaving the victims identities masked, which may have served as an additional pressure mechanism on the victims in an attempt to have them pay the actors ransom demand, says Redacted report.