The open-source BianLian ransomware that emerged in July last year has shifted to a new operational strategy in recent months. Researchers claimed that the ransomware group had moved away from encryption attacks and towards pressuring victims with the legal and regulatory risks they could face if a data leak happened.
Based on reports, the BianLian threat actors use the same TTPs for their initial access and lateral movement despite the change in priority. The researchers confirmed that the group now carries out encryption-less extortion attacks.
The group now prioritises stealing data and posting the harvested credentials on its leak website instead of encrypting the information. Subsequently, the threat actors threaten their victim organisations by referring to the legal issues, penalties, and loss of reputation the entity could face once affected by a data leak.
The BianLian ransomware operators conduct extensive research on their targeted entity to maximise profit.
According to investigations, the BianLian ransomware group studies the laws and rules applicable to its victim in order to extort it. This detail shows that the operators conduct research before executing their attacks.
Experts believe that the ransomware group shifted to these kinds of actions because of a new decryption kit adopted by many last January. The decryption tool allowed victims to decrypt files encrypted by the BianLian ransomware for free.
The BianLian operators have already posted masked details of about 14 victims, 16% of all its victims. However, the group has published 22 masked data between January and March this year.
The researchers confirmed that the threat actors post the masked data on the extortion sites within 48 hours of the breach and give the victims ten days to pay a ransom.
The BianLian cybercriminal group has taken this strategy to another level by exposing masked data on its leak sites. Moreover, the group has invested time in researching the laws and regulations that apply to its targets to find weaknesses that could make its extortion tactic easy.
Organisations should be extra cautious in securing their data, since the impact of a BianLian attack will depend on the number of details stolen from the victim.