Security News > 2023 > May > FBI confirms BianLian ransomware switch to extortion only attacks

A joint Cybersecurity Advisory from government agencies in the U.S. and Australia, and published by the Cybersecurity and Infrastructure Security Agency is warning organizations of the latest tactics, techniques, and procedures used by the BianLian ransomware group.

BianLian is a ransomware and data extortion group that has been targeting entities in the U.S. and Australian critical infrastructure since June 2022.

It aims to provide defenders with information that allows them to adjust protections and strengthen their security stance against BianLian ransomware and other similar threats.

BianLian initially employed a double-extortion model, encrypting systems after stealing private data from victim networks, and then threatening to publish the files.

To evade detection from security software, BianLian leverages PowerShell and the Windows Command Shell to disable running processes associated with antivirus tools.

"FBI, CISA, and ACSC encourage critical infrastructure organizations and small- and medium-sized organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents." - CISA. More detailed information on the recommended mitigations, indicators of compromise, command traces, and BianLian techniques are available in the full bulletins from CISA and the ACSC..

News URL

https://www.bleepingcomputer.com/news/security/fbi-confirms-bianlian-ransomware-switch-to-extortion-only-attacks/