    BianLian group drops encryption from its attack chain

    The BianLian ransomware group has shifted its focus from encrypting files to only exfiltrating data and using it to extort victims. This was reported by the information security company Redacted, which saw signs that the group is trying to hone its extortion skills and increase pressure on victims.

    BianLian operators have retained their initial access and lateral movement methods, and continue to deploy their own Golang-based backdoor, which gives them remote access to a compromised device.

    On its website, BianLian lists its victims as early as 48 hours after the compromise and gives companies approximately 10 days to pay the ransom. As of March 13, 2023, BianLian has listed a total of 118 entities on its website, with the vast majority (71%) being US-based companies.

    The main difference in the recent attacks is that BianLian tries to monetize its intrusions without encrypting the victim's files. Instead, the group now relies solely on threats to leak stolen data to the dark web.

    The hackers promise that once the ransom is paid, they will not leak the stolen data or otherwise disclose the fact that the organization has been hacked. BianLian offers these guarantees on the grounds that its "business" depends on its reputation.

    To increase the impact on the victim, the cybercriminals in some cases reminded it of the legal problems the organization could face if the hack became known. Moreover, in the ransom note, the group also left references to specific sections of laws and statutes.

    Redacted experts found that in many cases the cited laws do apply in the victim's region, which indicates that the hackers are honing their extortion skills by analyzing each victim's legal risks in order to formulate strong arguments.

    It is unknown if BianLian's move away from encryption is related to Avast's release of a free decryptor for the BianLian ransomware. Perhaps the attackers simply realized that they did not need this part of the attack chain to extort ransom from the victims.

    Author DeepWeb