"Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks"

The operators of the emerging cross-platform BianLian ransomware have expanded their command-and-control (C2) infrastructure, a sign that the group's activity is increasing. BianLian, which is written in the Go programming language, was first observed in mid-July 2022 and had claimed 15 victims as of September 1. The double-extortion ransomware family has nothing to do with the same-named Android banking Trojan, which targets mobile banking and cryptocurrency apps to steal sensitive information. Initial access to victim networks is gained by exploiting the ProxyShell Microsoft Exchange Server flaws, which are then used to drop a web shell or an ngrok payload for follow-on activity. Unlike another new Golang malware called Agenda, the BianLian actors have dwell times of up to six weeks between initial access and the actual encryption event. In addition to using living-off-the-land (LotL) techniques for network profiling and lateral movement, the group is known to use a custom implant as an alternative means of maintaining persistent network access. BianLian, like Agenda, can boot servers into Windows safe mode and run its file-encrypting payload there while evading the security solutions installed on the system. This article continues to discuss researchers' findings regarding the cross-platform BianLian ransomware.
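The article does not say how the safe-mode boot is arranged; the standard Windows mechanism (MITRE ATT&CK T1562.009, Safe Mode Boot) is to set the boot entry's safeboot option with bcdedit, optionally register the payload under the SafeBoot registry keys so it starts in safe mode, and then force a reboot. Because endpoint agents that are not on the SafeBoot allow-list will not be running after that reboot, the detection has to fire on the bcdedit or reg command itself, before the reboot. The following is an added example, not code from the article or from the researchers it summarises: a small detection routine run over constructed process-creation records (host, parent image, command line) in the shape a Sysmon event 1 or Security 4688 would give after parsing. Host names, service name and event sequence are all invented for illustration.

```python
import re

# Constructed process-creation records (not from the article). Fields:
# (host, parent image, command line). The sequence on srv-fs01 is the
# hypothetical staging pattern: set safeboot, register the payload as a
# safe-mode service, reboot, then clear safeboot after encryption.
SAMPLE_EVENTS = [
    ("srv-fs01", r"C:\Windows\System32\cmd.exe",
     r"bcdedit /set {default} safeboot network"),
    ("srv-fs01", r"C:\Windows\System32\cmd.exe",
     r"reg add HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\updsvc "
     r"/ve /t REG_SZ /d Service /f"),
    ("srv-fs01", r"C:\Windows\System32\cmd.exe", r"shutdown /r /t 0 /f"),
    ("wks-042", r"C:\Windows\explorer.exe", r"bcdedit /enum"),
    ("srv-fs01", r"C:\Windows\System32\cmd.exe",
     r"bcdedit /deletevalue {default} safeboot"),
    ("wks-017", r"C:\Windows\System32\cmd.exe",
     r"reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot"),
]

# Each rule is (name, compiled pattern over the command line). Matching is
# case-insensitive because cmd.exe and the attacker's tooling are not
# consistent about casing.
RULES = [
    # bcdedit setting a boot entry into minimal/network/dsrepair safe mode
    ("safeboot-set",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b.*\b(minimal|network|dsrepair)\b", re.I)),
    # bcdedit removing the option again: post-encryption cleanup
    ("safeboot-clear",
     re.compile(r"\bbcdedit(\.exe)?\b.*/deletevalue\b.*\bsafeboot\b", re.I)),
    # a service or driver being added to the safe-mode allow-list
    ("safeboot-registry-write",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\SafeBoot\\(Minimal|Network)\\", re.I)),
    # forced restart, meaningful only in combination with the rules above
    ("forced-reboot",
     re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b", re.I)),
]

# Rules that count as staging a safe-mode boot (as opposed to the reboot
# itself or the cleanup afterwards).
SAFE_MODE_STAGING = {"safeboot-set", "safeboot-registry-write"}


def detect(events):
    """Return (host, rule name, command line) for every rule hit, in event order."""
    hits = []
    for host, _parent, cmdline in events:
        for name, pattern in RULES:
            if pattern.search(cmdline):
                hits.append((host, name, cmdline))
    return hits


def hosts_flagged(events):
    """Hosts where safe-mode staging was followed by a forced reboot.

    A lone 'bcdedit /enum' or 'reg query' is normal administration and is
    never flagged; a staging command alone is worth a medium-severity alert,
    and staging plus reboot on the same host is the high-severity case.
    """
    by_host = {}
    for host, name, _cmd in detect(events):
        by_host.setdefault(host, set()).add(name)
    return {
        host for host, names in by_host.items()
        if names & SAFE_MODE_STAGING and "forced-reboot" in names
    }


if __name__ == "__main__":
    for host, name, cmd in detect(SAMPLE_EVENTS):
        print(f"{host:10s} {name:24s} {cmd}")
    print("high-severity hosts:", sorted(hosts_flagged(SAMPLE_EVENTS)))
```

The ordering matters operationally: the `safeboot-set` and `safeboot-registry-write` hits arrive while the endpoint agent is still running, so they are the events a SIEM rule should page on; the `safeboot-clear` hit typically arrives only after the host is back in normal mode, by which point the files are already encrypted. Benign use of `bcdedit /set safeboot` does occur (administrators recovering a broken host), so the heuristic is a starting point to be tuned against the environment's own baseline, not a finished rule.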

THN reports "Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks"
