Research report on BianLian ransomware


The group behind the BianLian ransomware is relatively unknown. However, it is already one of the top 10 most active ransomware gangs in 2023. The group focuses particularly on companies in industry and healthcare.

Palo Alto Networks' Unit 42 team today released a new research report on the group behind the BianLian ransomware. This is one of the top 10 most active ransomware gangs in 2023, according to leak site data analysis by Unit 42.

The report shows key findings about BianLian. The group primarily targets the healthcare, manufacturing and professional and legal services sectors. Their attacks took place primarily in North America, but were also observed in the EU and India.

BianLian: More blackmail without encryption

The group has moved from a “double extortion” scheme to stealing data in order to get victims to pay, instead of encrypting their victims’ assets, at least for the time being. After all, encrypting and decrypting as well as maintaining the C2 server is very time-consuming. Platforms like NoMoreRansom also offer more and more decryption tools.

Unit 42 observed that the BianLian group shares a small, custom .NET executable with the Makop ransomware group, suggesting a possible connection between the groups. Notably, the .NET tool contains some words in Russian, for example the numbers one to four. Both groups also used the publicly available Advanced Port Scanner tool with the same hash.

Unit 42 incident responders have handled multiple BianLian ransomware incidents since the group emerged in September 2022. The group's rise is probably leading to an expansion. At least, the group's leak site suggests that it is looking for new developers and members there.


