BianLian ransomware crew goes 100% extortion after free decryptor lands
2023-03-19 13:37

The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion.

Cybersecurity firm Avast's release in January of a free decryptor for BianLian victims apparently convinced the miscreants that there was no future for them on the ransomware side of things and that pure extortion was the way to go.

"Rather than follow the typical double-extortion model of encrypting files and threatening to leak data, we have increasingly observed BianLian choosing to forgo encrypting victims' data and instead focus on convincing victims to pay solely using an extortion demand in return for BianLian's silence," threat researchers for cybersecurity company Redacted wrote in a report.

The BianLian gang hacked its way onto the scene in July 2022 and established itself as a rapidly emerging threat, particularly to such industries as healthcare, education, engineering, and IT. According to Redacted, as of March 13, the miscreants had 118 victims listed on their leak site.

Though it is changing some of its tactics, BianLian is staying consistent in how it gains initial access and moves laterally through a victim's network.

Redacted, which has tracked BianLian since last year, is also getting a view of the tight coupling between the backdoor deployment and the command-and-control server, which indicates that "by the time a BianLian C2 is discovered, it is likely that the group has already established a solid foothold into a victim's network," the researchers wrote.
