"BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion"

The BianLian ransomware group is expanding its operations and evolving as a business, and it is compromising computers more quickly. According to researchers, the group, whose attacks have claimed at least 116 victims, is also abandoning encryption in favor of pure data-theft extortion. BianLian, which was first discovered in July 2022, has not strayed significantly from its tactic of delivering a custom Go-based backdoor once it has infiltrated a network. Researchers from Redacted noted that the malware's functionality has remained largely unchanged apart from a few minor adjustments. However, the speed with which the group's command-and-control (C2) server delivers the backdoor has increased, and the group has shifted its focus from ransoming encrypted files to data-leak extortion to extract payments from victims. According to Adam Flatley, vice president of intelligence at Redacted, BianLian has learned that it does not need to encrypt victim networks in order to receive payment. He says that this turn toward data-leak extortion is dangerous because it allows the gang to take more time to customize threats to specific victims and create greater pressure to pay ransoms. This article continues to discuss the BianLian ransomware group continuing to mature as a thriving cybercriminal business.

Dark Reading reports "BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion"

Submitted by Anonymous on