BianLian
BianLian is a cybercriminal ransomware group, almost certainly based in Russia, that has targeted organizations in the US (critical infrastructure sectors, CNI), Australia (private enterprises) and the UK since June 2022.[1][2][3] By 2023, the group had been exfiltrating victims' files and encrypting their systems, a double-extortion method.[3] In 2023, the group shifted to data theft extortion (exfiltration-based extortion).[4][3] They use valid Remote Desktop Protocol credentials to gain access to systems.[5][3] On 20 November 2024, the FBI, the United States' Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint security advisory about the BianLian ransomware group.[5][3]
References
1. Coker, James (November 21, 2024). "BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk". Infosecurity Magazine.
2. "BianLian cyber gang drops encryption-based ransomware". ComputerWeekly.com.
3. https://www.cisa.gov/sites/default/files/2024-11/aa23-136a-joint-csa-stopransomware-bianlian-ransomware-group.pdf
4. "CISA says BianLian ransomware now focuses only on data theft". BleepingComputer.
5. "Advisory warns of activity by BianLian ransomware group". AHA News. www.aha.org.