BianLian: Difference between revisions
Wikishovel (talk | contribs) m Wikishovel moved page BianLian (ramsomware) to BianLian: Remove unnecessary parentheses/disambiguator |
Wikishovel (talk | contribs) Filled in 4 bare reference(s) with reFill 2 |
||
Line 1: | Line 1: | ||
'''BianLian (ramsomware)''' is a [[cybercriminal]] group based in [[Russia]] (almost certain) which target organizations in US (critical infrastructures sectors - CNI), Australia (private enterprises) and UK since June 2022.<ref>https://www.infosecurity-magazine.com/news/bianlian-ransomware-new-tactics/</ref><ref>https://www.computerweekly.com/news/366616318/BianLian-cyber-gang-drops-encryption-based-ransomware</ref><ref>https://www.cisa.gov/sites/default/files/2024-11/aa23-136a-joint-csa-stopransomware-bianlian-ransomware-group.pdf |
'''BianLian (ramsomware)''' is a [[cybercriminal]] group based in [[Russia]] (almost certain) which target organizations in US (critical infrastructures sectors - CNI), Australia (private enterprises) and UK since June 2022.<ref>{{Cite web|url=https://www.infosecurity-magazine.com/news/bianlian-ransomware-new-tactics/|title=BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk|first=James|last=Coker|date=November 21, 2024|website=Infosecurity Magazine}}</ref><ref>{{Cite web|url=https://www.computerweekly.com/news/366616318/BianLian-cyber-gang-drops-encryption-based-ransomware|title=BianLian cyber gang drops encryption-based ransomware | Computer Weekly|website=ComputerWeekly.com}}</ref><ref name="auto1">https://www.cisa.gov/sites/default/files/2024-11/aa23-136a-joint-csa-stopransomware-bianlian-ransomware-group.pdf{{bare URL PDF}}</ref> By 2023, the group had exfiltrated the files and [[encrypted]] the victim's systems - double-extortion method.<ref name="auto1"/> |
||
⚫ | In 2023, the group shift to [[data theft]] [[extortion]] (exfiltration-based extortion).<ref>{{Cite web|url=https://www.bleepingcomputer.com/news/security/cisa-says-bianlian-ransomware-now-focuses-only-on-data-theft/|title=CISA says BianLian ransomware now focuses only on data theft|website=BleepingComputer}}</ref><ref name="auto1"/> They use valid [[Remote Desktop Protocol]] credentials to gain access to the systems.<ref name="auto">{{Cite web|url=https://www.aha.org/news/headline/2024-11-21-advisory-warns-activity-bianlian-ransomware-group|title=Advisory warns of activity by BianLian ransomware group | AHA News|website=www.aha.org}}</ref><ref name="auto1"/> |
||
</ref> By 2023, the group had exfiltrated the files and [[encrypted]] the victim's systems - double-extortion method.<ref>https://www.cisa.gov/sites/default/files/2024-11/aa23-136a-joint-csa-stopransomware-bianlian-ransomware-group.pdf</ref> |
|||
⚫ | In 20 November 2024, [[Federal Bureau of Investigation|FBI]], [[Cybersecurity and Infrastructure Security Agency|United States’ Cyber Security and Infrastructure Security Agency (CISA]]) and the [[Australian Cyber Security Centre]] (ACSC) released a joint security advisory about BianLian ransomware group.<ref name="auto"/><ref name="auto1"/> |
||
⚫ | In 2023, the group shift to [[data theft]] [[extortion]] (exfiltration-based extortion).<ref>https://www.bleepingcomputer.com/news/security/cisa-says-bianlian-ransomware-now-focuses-only-on-data-theft/</ref><ref |
||
⚫ | In 20 November 2024, [[Federal Bureau of Investigation|FBI]], [[Cybersecurity and Infrastructure Security Agency|United States’ Cyber Security and Infrastructure Security Agency (CISA]]) and the [[Australian Cyber Security Centre]] (ACSC) released a joint security advisory about BianLian ransomware group.<ref |
||
== References == |
== References == |
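Review bot: the CISA advisory reference in the added lead paragraph is still a bare URL, now only tagged {{bare URL PDF}} and given the auto-generated name "auto1", so the source this revision cites five times has no title, publisher or date. Fill it in by hand as a {{Cite web}} like the other four references, and replace "auto" and "auto1" with descriptive ref names. The bolded lead still reads '''BianLian (ramsomware)''' even though the previous revision moved the page to BianLian, and the Computer Weekly citation keeps the site suffix "| Computer Weekly" inside its title and carries no date.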
Revision as of 19:19, 24 November 2024
BianLian (ransomware) is a cybercriminal group, almost certainly based in Russia, that has targeted organizations in the US (critical infrastructure sectors, CNI), Australia (private enterprises) and the UK since June 2022.[1][2][3] By 2023, the group had exfiltrated the files and encrypted the victim's systems, a double-extortion method.[3]

In 2023, the group shifted to data theft extortion (exfiltration-based extortion).[4][3] They use valid Remote Desktop Protocol credentials to gain access to the systems.[5][3]

On 20 November 2024, the FBI, the United States' Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint security advisory about the BianLian ransomware group.[5][3]
References
- ^ Coker, James (November 21, 2024). "BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk". Infosecurity Magazine.
- ^ "BianLian cyber gang drops encryption-based ransomware | Computer Weekly". ComputerWeekly.com.
- ^ a b c d e https://www.cisa.gov/sites/default/files/2024-11/aa23-136a-joint-csa-stopransomware-bianlian-ransomware-group.pdf
- ^ "CISA says BianLian ransomware now focuses only on data theft". BleepingComputer.
- ^ a b "Advisory warns of activity by BianLian ransomware group | AHA News". www.aha.org.