win.bianlian (Back to overview)


BianLian is a GoLang-based ransomware that continues to breach several industries and demand large ransom amounts. The threat actors also use the double extortion method by stealing an affected organization’s files and leaking them online if the ransom is not paid on time. BianLian gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega. BianLian originally employed a double-extortion model in which they encrypted victims’ systems after exfiltrating the data; however, around January 2023, they shifted to primarily exfiltration-based extortion. The BianLian ransomware uses goroutines and encrypts files in chunks to quickly hijack an infected system. The ransomware adds its own extension to each encrypted file.

2024-02-16YouTube (CactusCon)Danny Quist
Reverse Engineering Go Malware: A BianLian Story
BianLian BianLian
2024-02-09CensysCensys, Embee_research
A Beginners Guide to Tracking Malware Infrastructure
AsyncRAT BianLian Cobalt Strike QakBot
2024-01-12SpamhausSpamhaus Malware Labs
Spamhaus Botnet Threat Update Q4 2023
FluBot Hook FAKEUPDATES AsyncRAT BianLian Cobalt Strike DCRat Havoc IcedID Lumma Stealer Meterpreter NjRAT Pikabot QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver
2023-11-27Twitter (@embee_research)Embee_research
Building Threat Intel Queries Utilising Regex and TLS Certificates - (BianLian)
2023-11-22Twitter (@embee_research)Embee_research
Practical Queries for Malware Infrastructure - Part 3 (Advanced Examples)
BianLian Xtreme RAT NjRAT QakBot RedLine Stealer Remcos
2023-07-26TalosNicole Hoffman
Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
BianLian Clop LockBit Royal Ransom LockBit 8Base BianLian Clop LockBit Money Message Royal Ransom
2023-04-19Bleeping ComputerBill Toulas
March 2023 broke ransomware attack records with 459 incidents
Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom
2022-10-13BlackberryThe BlackBerry Research & Intelligence Team
BianLian Ransomware Encrypts Files in the Blink of an Eye
2022-09-01[redacted]Ben Armstrong, Brad Pittack, Danny Quist, Lauren Pearce
BianLian Ransomware Gang Gives It a Go!
BianLian BianLian
BianLian: New Ransomware Variant On The Rise
Tweet on BianLian Ransomware

There is no Yara-Signature yet.