win.bianlian

BianLian


BianLian is a GoLang-based ransomware that continues to breach several industries and demand large ransom amounts. The threat actors also use double extortion: they steal an affected organization’s files and leak them online if the ransom is not paid on time. BianLian gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega. The group originally employed a double-extortion model in which it encrypted victims’ systems after exfiltrating the data; around January 2023, however, it shifted to primarily exfiltration-based extortion.

The BianLian ransomware uses goroutines and encrypts files in chunks to quickly hijack an infected system. The ransomware adds its own extension to each encrypted file.

References
2023-11-27 | Twitter (@embee_research) | Embee_research
Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)
@online{embeeresearch:20231127:building:3dd782a,
  author = {Embee_research},
  title = {{Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)}},
  date = {2023-11-27},
  organization = {Twitter (@embee_research)},
  url = {https://embee-research.ghost.io/building-advanced-censys-queries-utilising-regex-bianlian/},
  language = {English},
  urldate = {2023-11-27}
}
BianLian
2023-11-22 | Twitter (@embee_research) | Embee_research
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
@online{embeeresearch:20231122:practical:1847814,
  author = {Embee_research},
  title = {{Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)}},
  date = {2023-11-22},
  organization = {Twitter (@embee_research)},
  url = {https://embee-research.ghost.io/practical-queries-for-malware-infrastructure-part-3/},
  language = {English},
  urldate = {2023-11-22}
}
BianLian, Xtreme RAT, NjRAT, QakBot, RedLine Stealer, Remcos
2023-07-26 | Talos | Nicole Hoffman
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
@online{hoffman:20230726:incident:4731c33,
  author = {Nicole Hoffman},
  title = {{Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical}},
  date = {2023-07-26},
  organization = {Talos},
  url = {https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/},
  language = {English},
  urldate = {2023-08-03}
}
BianLian, Clop, LockBit, Royal Ransom, LockBit, 8Base, BianLian, Clop, LockBit, Money Message, Royal Ransom
2023-04-19 | Bleeping Computer | Bill Toulas
March 2023 broke ransomware attack records with 459 incidents
@online{toulas:20230419:march:2c99c12,
  author = {Bill Toulas},
  title = {{March 2023 broke ransomware attack records with 459 incidents}},
  date = {2023-04-19},
  organization = {Bleeping Computer},
  url = {https://www.bleepingcomputer.com/news/security/march-2023-broke-ransomware-attack-records-with-459-incidents/},
  language = {English},
  urldate = {2023-04-28}
}
Clop, WhiteRabbit, BianLian, Black Basta, BlackCat, LockBit, MedusaLocker, PLAY, Royal Ransom
2022-10-13 | Blackberry | The BlackBerry Research & Intelligence Team
BianLian Ransomware Encrypts Files in the Blink of an Eye
@online{team:20221013:bianlian:76ad15a,
  author = {The BlackBerry Research & Intelligence Team},
  title = {{BianLian Ransomware Encrypts Files in the Blink of an Eye}},
  date = {2022-10-13},
  organization = {Blackberry},
  url = {https://blogs.blackberry.com/en/2022/10/bianlian-ransomware-encrypts-files-in-the-blink-of-an-eye},
  language = {English},
  urldate = {2022-10-24}
}
BianLian
2022-09-01 | [redacted] | Ben Armstrong, Lauren Pearce, Brad Pittack, Danny Quist
BianLian Ransomware Gang Gives It a Go!
@online{armstrong:20220901:bianlian:a1feb73,
  author = {Ben Armstrong and Lauren Pearce and Brad Pittack and Danny Quist},
  title = {{BianLian Ransomware Gang Gives It a Go!}},
  date = {2022-09-01},
  organization = {[redacted]},
  url = {https://redacted.com/blog/bianlian-ransomware-gang-gives-it-a-go/},
  language = {English},
  urldate = {2022-10-24}
}
BianLian, BianLian
2022-08-18 | cyble | Cyble
BianLian: New Ransomware Variant On The Rise
@online{cyble:20220818:bianlian:642512f,
  author = {Cyble},
  title = {{BianLian: New Ransomware Variant On The Rise}},
  date = {2022-08-18},
  organization = {cyble},
  url = {https://blog.cyble.com/2022/08/18/bianlian-new-ransomware-variant-on-the-rise/},
  language = {English},
  urldate = {2022-10-24}
}
BianLian
2022-08-11 | MalwareHunterTeam
Tweet on BianLian Ransomware
@online{malwarehunterteam:20220811:bianlian:32ad6a5,
  author = {MalwareHunterTeam},
  title = {{Tweet on BianLian Ransomware}},
  date = {2022-08-11},
  url = {https://twitter.com/malwrhunterteam/status/1558548947584548865},
  language = {English},
  urldate = {2022-09-30}
}
BianLian

There is no Yara-Signature yet.