'Strictly limit' remote desktop – unless you like catching BianLian ransomware
2023-05-17 20:32

The FBI and friends have warned organizations to "Strictly limit the use of RDP and other remote desktop services" to avoid BianLian infections and the ransomware gang's extortion attempts that follow the data encryption.

BianLian typically gains access to victims' Windows systems via Remote Desktop Protocol credentials - hence the advice to shore up RDP security - and then uses software tools and command-line scripting to find and steal more credentials and snoop through the network and its files.

To lessen the threat of becoming BianLian's next victim, the government agencies urge organizations not only to lock down RDP but also to disable or limit command-line and scripting activities and permissions, restrict the execution of application software, and restrict the use of PowerShell.

"FBI, CISA, and ACSC encourage critical infrastructure organizations and small- and medium-sized organizations to implement the recommendations in the Mitigations section of this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents," the cyber cops advised.

The operators behind BianLian are among a growing number of ransomware groups using newer programming languages - in this case Go, but others also are turning to Rust - to make the malware a little more difficult to analyze and to get around some endpoint protection tools.

"In several instances, BianLian made reference to legal and regulatory issues a victim would face were it to become public that the organization had suffered a breach," Redacted security researchers said in a March report on the criminal gang.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/17/fbi_cisa_bianlian_advisory/