Pure data extortion pursued by BianLian ransomware

BleepingComputer reports that the BianLian ransomware gang has transitioned to pure data extortion and ditched data encryption efforts in its most recent attacks following the emergence of a free ransomware decryptor in January. While BianLian has retained its initial access and lateral movement techniques, as well as the deployment of custom Go-based malware for remote device access, the ransomware operation has been threatening to leak organizations' stolen data instead of encrypting their files, according to a report from Redacted. Potential legal and regulatory issues stemming from a data breach have also been detailed in BianLian's warnings to its victims. "The group promises that after they are paid, they will not leak the stolen data or otherwise disclose the fact the victim organization has suffered a breach. BianLian offers these assurances based on the fact that their 'business' depends on their reputation," said researchers. The shift of BianLian to encryption-less ransomware efforts comes amid the emergence of the SnapMC, Donut, and Karakurt operations.