One of the nastiest ransomware groups around may have a whole new way of doing things

News
By published

BianLian is changing the way it extorts money

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)
  • CISA updates advisory on BianLian, originally published in May 2024
  • Agency claims the group is moving away from deploying the encryptor
  • Instead, BianLian exfiltrates sensitive data and threatens to release it

The infamous BianLian ransomware group has stopped deploying an encryptor on victim devices, and now focuses exclusively on data exfiltration, an updated security advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), and partner agencies has warned.

CISA, alongside the FBI and Australian Cyber Security Centre, first published an in-depth report on BianLian in May 2024 as part of its #StopRansomware effort, detailing the group’s techniques, tactics, and procedures, but this has now been updated with new information, including the changes to the group’s modus operandi.

As it turns out, BianLian no longer encrypts the information on the endpoints of its victims. Rather, it just steals the data, and then demands payment in exchange for not leaking it to the public.

This is a change that the cybersecurity community has been warning about for quite some time now, and BianLian is hardly the only group that is no longer deploying the encryptor.

As it turns out, developing, maintaining, and deploying the encryption software is too tedious, too cumbersome, and too expensive. In terms of money extortion, simple data exfiltration yields the same results, anc crooks are taking notice.

The agencies also say BianLian is a Russian actor, based in the country, and with Russian affiliates. If the name threw you off, and made you think the group is likely Chinese (or elsewhere in the far East, for that) - that is intentional.

“The reporting agencies are aware of multiple ransomware groups, like BianLian, that seek to misattribute location and nationality by choosing foreign-language names, almost certainly to complicate attribution efforts,” the report claims.

In the past, the group was observed targeting organizations in the US critical infrastructure sector, and private enterprises in Australia.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
data recovery
Ghost ransomware has hit firms in over 70 countries, FBI and CISA warn
Lock on Laptop Screen
Clop ransomware lists Cleo cyberattack victims
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
59 organizations reportedly victim to breaches caused by Cleo software bug
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Tadej Pogačar celebrates crossing the line first in the 2024 Volta Ciclista a Catalunya

Volta Ciclista a Catalunya live stream 2025: how to watch the World Tour stage race
See more latest
Most Popular
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Micron SOCAMM memory module
World's biggest RAM vendors develop superior memory form factor exclusively for Nvidia, sorry Intel and AMD
Asus Vivobook 18
The Asus Vivobook 18 is the only affordable 18-inch laptop right now, and it comes with a powerful CPU no other laptop has
Peter Claffey as Ser Duncan the Tall in The Knight Of The Seven Kingdoms
A Knight Of The Seven Kingdoms: The Hedge Knight – everything we know so far about HBO's Game of Thrones prequel
Vinpower iXFlash and iXFlash Cube
This tiny 2TB USB Flash drive can both charge and backup your iPhone at the same time
Compal Adapt X modular laptop
One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework