Security News > 2023 > May > FBI confirms BianLian ransomware switch to extortion only attacks

A joint Cybersecurity Advisory from government agencies in the U.S. and Australia, and published by the Cybersecurity and Infrastructure Security Agency is warning organizations of the latest tactics, techniques, and procedures used by the BianLian ransomware group.
BianLian is a ransomware and data extortion group that has been targeting entities in the U.S. and Australian critical infrastructure since June 2022.
It aims to provide defenders with information that allows them to adjust protections and strengthen their security stance against BianLian ransomware and other similar threats.
BianLian initially employed a double-extortion model, encrypting systems after stealing private data from victim networks, and then threatening to publish the files.
To evade detection from security software, BianLian leverages PowerShell and the Windows Command Shell to disable running processes associated with antivirus tools.
"FBI, CISA, and ACSC encourage critical infrastructure organizations and small- and medium-sized organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents." - CISA. More detailed information on the recommended mitigations, indicators of compromise, command traces, and BianLian techniques are available in the full bulletins from CISA and the ACSC..
News URL
Related news
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- CISA and FBI: Ghost ransomware breached orgs in 70 countries (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)