BianLian is a ransomware family written in Go that continues to breach organizations across several industries and demand large ransoms. The threat actors also use double extortion: they steal an affected organization’s files and leak them online if the ransom is not paid on time. BianLian gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega. The group originally employed a double-extortion model in which it encrypted victims’ systems after exfiltrating the data; around January 2023, however, it shifted to primarily exfiltration-based extortion. The ransomware uses goroutines and encrypts files in chunks to quickly hijack an infected system, and it adds its own extension to each encrypted file.
2023-11-27 ⋅ Twitter (@embee_research)
Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)
2023-11-22 ⋅ Twitter (@embee_research)
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos
2023-07-26 ⋅ Talos
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
BianLian Clop LockBit Royal Ransom LockBit 8Base BianLian Clop LockBit Money Message Royal Ransom
2023-04-19 ⋅ Bleeping Computer
March 2023 broke ransomware attack records with 459 incidents
Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom
2022-10-13 ⋅ Blackberry
BianLian Ransomware Encrypts Files in the Blink of an Eye
2022-09-01 ⋅ [redacted]
BianLian Ransomware Gang Gives It a Go!
2022-08-18 ⋅ cyble
BianLian: New Ransomware Variant On The Rise
2022-08-11
Tweet on BianLian Ransomware
There is no Yara-Signature yet.