BianLian Ransomware Group Threatens US & Australia: Authorities Warn
Cybersecurity authorities in the US and Australia warn of an escalating threat from the BianLian ransomware group. Known for breaching organizations with valid Remote Desktop Protocol (RDP) credentials, obtained by theft or through phishing, BianLian has been actively targeting private enterprises and critical infrastructure in both countries.
Once inside, the group disables antivirus tools using PowerShell and the Windows Command Shell, then performs discovery across the environment. BianLian originally ran a double-extortion model, encrypting files and threatening to leak stolen data; it has since shifted to extortion based on exfiltration alone, stealing sensitive financial, client, business, technical, and personal files and threatening to publish them. In mid-March 2023 its dark-web leak site listed 118 past victims, with healthcare the most affected sector. Ransom negotiations are conducted over Tox messaging or encrypted email, and each ransom note carries a unique victim ID that the victim is told to quote when making contact.
Authorities advise organizations to make securing RDP the first priority in defending against BianLian. Since mid-2022 the group has compromised entities across multiple US critical infrastructure sectors, and the pace of new victims shows its reach is still growing.
With BianLian's activity increasing and its extortion now resting entirely on stolen data, organizations should concentrate on the two controls that matter against this group: lock down RDP (disable it where it is not needed, require Network Level Authentication, restrict it to known source networks, and review who holds RDP rights) and monitor for unusual network activity, in particular large or unexpected outbound transfers, which are the signature of an exfiltration-only operation.
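As an added illustration (this is not code from the advisory or the article, and it does not reproduce BianLian's tooling): a PowerShell audit that checks a Windows host for the two conditions the page flags, an exposed or weakly configured RDP listener and antivirus that can be switched off, and then looks at the logs that reveal attempts at both. The registry values and cmdlets are standard Windows ones; the script-block regex, the failed-logon threshold of 50 per day, and the seven-day window are assumptions chosen for the example. Run it in an elevated Windows PowerShell 5.1 session.

```powershell
# Added example, not from the advisory or the article. Audits one Windows host for
# RDP exposure and AV tampering. Registry paths and cmdlets are standard; the regex,
# the 50-failures threshold and the 7-day window are assumptions for illustration.

function Test-RdpHardening {
    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
    }

    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdp = Get-ItemProperty -Path $ts -ErrorAction SilentlyContinue
    $tcp = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -ErrorAction SilentlyContinue

    # 1. Is RDP enabled at all? A host that does not need it should have fDenyTSConnections = 1.
    Add-Finding 'RDP disabled (if unneeded)' ($rdp.fDenyTSConnections -eq 1) `
        "fDenyTSConnections=$($rdp.fDenyTSConnections)"

    # 2. Network Level Authentication validates credentials before a session is created,
    #    which blunts password spraying against the listener.
    Add-Finding 'NLA required' ($tcp.UserAuthentication -eq 1) `
        "UserAuthentication=$($tcp.UserAuthentication)"

    # 3. SecurityLayer 2 = TLS only; lower values allow legacy RDP security negotiation.
    Add-Finding 'TLS security layer' ($tcp.SecurityLayer -eq 2) "SecurityLayer=$($tcp.SecurityLayer)"

    # 4. Firewall scope: an enabled 'Remote Desktop' rule with RemoteAddress = Any exposes
    #    the listener to every network the host can reach.
    $scopes = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue |
              Get-NetFirewallAddressFilter | Select-Object -ExpandProperty RemoteAddress
    $exposed = @($scopes | Where-Object { $_ -eq 'Any' }).Count -gt 0
    Add-Finding 'RDP firewall scoped to known sources' (-not $exposed) "RemoteAddress=$($scopes -join ',')"

    # 5. Who can actually log on over RDP? Stale or service accounts here are what stolen
    #    credentials turn into a foothold. Reported for review, not scored.
    $members = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty Name
    Add-Finding 'RDP group membership listed' $true "Members: $($members -join ', ')"

    # 6. Defender state. The group disables AV after access, so real-time protection and
    #    tamper protection being on are the settings that matter.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    Add-Finding 'Defender real-time protection on' ([bool]$mp.RealTimeProtectionEnabled) `
        "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
    Add-Finding 'Defender tamper protection on' ([bool]$mp.IsTamperProtected) `
        "IsTamperProtected=$($mp.IsTamperProtected)"

    # 7. Evidence of AV tampering in PowerShell script-block logs (event 4104, ScriptBlockText
    #    is Properties[2]). The pattern is an assumed generic indicator, not a BianLian IOC.
    $sbFilter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
                   StartTime = (Get-Date).AddDays(-7) }
    $blocks = Get-WinEvent -FilterHashtable $sbFilter -ErrorAction SilentlyContinue |
              Where-Object { $_.Properties[2].Value -match 'Set-MpPreference.*-Disable|Add-MpPreference.*-Exclusion' }
    Add-Finding 'No AV-tamper script blocks (7d)' (@($blocks).Count -eq 0) "Matches: $(@($blocks).Count)"

    # 8. Failed logons: a burst of 4625 events is the usual precursor to a valid RDP
    #    credential being found or confirmed. Threshold is an assumption.
    $lgFilter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1) }
    $failed = Get-WinEvent -FilterHashtable $lgFilter -ErrorAction SilentlyContinue
    Add-Finding 'Failed logons under threshold (24h)' (@($failed).Count -lt 50) "4625 events: $(@($failed).Count)"

    return $findings
}

$result = Test-RdpHardening
$result | Format-Table -AutoSize
if ($result | Where-Object { -not $_.Pass }) {
    Write-Warning 'One or more RDP or AV hardening checks failed; review the Detail column.'
}
```

Each check is a named row so the output can be fed to a ticketing or compliance pipeline; the Defender checks are the ones to escalate immediately, since a host where real-time protection has already been switched off may be post-compromise rather than merely misconfigured.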