• Home
  • News
  • BianLian Hackers Target US Company

BianLian Hackers Target US Company

Bogdan Pătru

By Bogdan Pătru . 24 April 2024

Tech Writer

Miklos Zoltan

Fact-Checked this

The BianLian gang announced another successful breach against US-based defi SOLUTIONS. The company offers a platform for transferring loan documents and serves multiple banks, credit unions, and finance companies, among others.

  • Defi SOLUTIONS hasn’t commented on the breach, and BianLian hackers didn’t offer too much info about the operation
  • The only thing that they’ve posted is a short summary of the target company
  • BianLian is one of the most well-known ransomware actors in the world, being active since 2021
  • The hackers operate based on the multi-extortion technique, both stealing data and encrypting the victim’s systems

BianLian got its name after the traditional Chinese art, which translates as “face-changing.” This is very fitting for the infamous cybercriminal gang due to their ability to adapt to changes, cover their tracks, and constantly change their tactics and approaches.

Not many ransomware actors are as versatile, but those that are, like BianLian, are very difficult to track and protect against. As data shows, BianLian targets several industries indiscriminately, as the operators only follow the money trail.

X showing the BianLian attack on DEFI SOLUTIONS
https://twitter.com/FalconFeedsio/status/1783022000874680807

The gang’s multi-extortion practice is also annoying, to say the least. File encryption is notoriously tricky to work around and some victims can’t even do that. This is why some decide to pay the ransom and improve their ransomware protection afterward.

This type of extortion practice also leads to higher ransom demands because the victim needs to negotiate for both the decryption key and the deletion of the stolen data. And BianLian operators aren’t known to be fair-play negotiators.

Should You be Worried About BianLian?

The short answer is yes. The gang employs a variety of tactics and strategies to trap their victims and gain access to their system. The most important one is the primary MO to begin with. BianLian infects legitimate apps and software by exploiting known vulnerabilities.

This allows them to lure in unsuspecting victims who think they’re using legitimate, clean platforms and services. Not realizing that they’ve been compromised. By the time they do, it’s already too late.

This tactic makes BianLian more dangerous and intrusive than other ransomware actors, who use phishing and spearphishing as primary MOs. Does this mean you cannot protect yourself against BianLian? Yes and no.

It’s undoubtedly more difficult to build a defensive strategy against a ransomware actor as versatile, effective, and elusive as BianLian, but not impossible. However, what you do to prevent the attack isn’t as important as what you do after it has occurred.

As cybersecurity experts explain, the best approach is to refuse any type of negotiation. Choosing to negotiate or, even worse, pay the ransom automatically puts you on the “to revisit” list. That’s what ransomware actors do when they sense blood.

This means that the best way to go about it is to ignore all forms of contact. And never pay the ransom because that’s actually detrimental, no matter how counter-intuitive it might seem.

Sure, the hackers will provide you with the decryption key, but they won’t necessarily keep their word to delete the stolen data. In fact, most won’t. Instead, they will share it with other cybercriminal groups for profit.

Which opens the door to a whole range of additional problems.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment