The group behind the BianLian ransomware is relatively unknown. However, it is already one of the top 10 most active ransomware gangs in 2023. The group focuses particularly on companies in industry and healthcare.
Palo Alto Networks' Unit 42 team today released a new research report on the group behind the BianLian ransomware. This is one of the top 10 most active ransomware gangs in 2023, according to leak site data analysis by Unit 42.
The report shows key findings about BianLian. The group primarily targets the healthcare, manufacturing and professional and legal services sectors. Their attacks took place primarily in North America, but were also observed in the EU and India.
BianLian: More blackmail without encryption
The group has moved from a “double extortion” scheme to pure data theft in order to get victims to pay up, instead of encrypting their victims’ assets, at least for the time being. After all, encrypting and decrypting as well as maintaining the C2 server is very time-consuming. Platforms like NoMoreRansom also offer more and more decryption tools.
Unit 42 observed that the BianLian group shares a small, customized .NET executable with the Makop ransomware group, suggesting a possible connection between the groups. It is notable that the .NET tool contains some words in Russian, e.g. the numbers one to four. Both groups also used a copy of the publicly available Advanced Port Scanner tool with the same hash.
Unit 42 incident responders have handled multiple BianLian ransomware incidents since the group emerged in September 2022. The group's rise is probably leading to an expansion. The group's leak site at least suggests that they are looking for new developers and members there.
More at PaloAltoNetworks.com