Ransomware, Threat Management

BianLian ransomware infrastructure beefed up as activity ramps up

Newly identified ransomware group BianLian has bolstered its command-and-control infrastructure, indicating increasing activity, The Hacker News reports. Fifteen organizations have already been hit by BianLian ransomware since its emergence in mid-July, according to a report from cybersecurity firm [redacted]. BianLian has exploited the Microsoft Exchange Server ProxyShell vulnerabilities to obtain initial network access and then deployed a web shell or an ngrok payload. The report also noted that the group has targeted SonicWall VPN devices and that its dwell times are significantly longer than those of other strains. Beyond network profiling and lateral movement through living-off-the-land methods, BianLian launches a custom implant that provides persistence and retrieves arbitrary payloads from a remote server, the report said.

"BianLian have shown themselves to be adept with the Living off the Land (LOL) methodology to move laterally, adjusting their operations based on the capabilities and defenses they encountered in the network," researchers added.
