BianLian Infamous Extortion Ring Targets Two US Companies
BianLian breached two more American companies recently and posted evidence of the cyberattack on their public platform. The two victims didn’t issue any comment about the attack.
- The two companies involved in the cyberattack are Advanced Orthopedic & Sports Medicine Clinic and Dobrowski Stafford & Pierce
- It’s uncertain how BianLian managed to breach the victims’ defenses or how much data they’ve managed to steal
- It’s also unclear how large the ransom is in each case, but the assumption is that it’s manageable
- The largest ransom demand attributed to BianLian’s name climbed up to $1 million
BianLian operates slightly differently than most other ransomware actors. The cybercriminal organization isn’t known for its high ransomware activity. The largest number of casualties took place in May of 2023.
During that month, BianLian attacked and breached 25 targets. While this sounds a lot, such a number pales in comparison with Lockbit’s figures. The latter can produce 10-15 victims per day in some cases.
Even so, BianLian’s danger factor is still considerably higher than that of many other cybercriminal rings. There are multiple reasons for that.
For one, BianLian always goes for targeted attacks against high-value institutions. Then you have the fact that the extortion ring is extremely influential and adaptable, constantly upgrading its systems, tactics, and operations.
These features make BianLian one of the most feared in the business, especially since not even the FBI has the organization’s profile and structure.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
BianLian’s Threat Level
The organization’s estimated threat level is still in the mid-range. That’s not because the group isn’t capable or aggressive enough, but because it picks its targets very carefully. This means that it produces fewer victims than other ransomware actors.
On the other hand, this type of premeditated and calculated attack tactic increases the chances of BianLian penetrating the victim’s defenses. It’s also worth noting that BianLian doesn’t always use the double-extortion tactic.
Instead, the cybercriminal ring often opts for a simple extortion approach. In other words, it breaches the victim’s systems, steals the target data, and leaves without encrypting the local system.
The actor will then negotiate the destruction of the stolen data, which is often sensitive and not meant for the public eye. The victim then has to choose between an important financial loss or an equally important one in the reputation department.
However, experts warn that paying the ransom may not be the smartest move anyway. Not even in this case where the attacker doesn’t encrypt the victim’s files. That’s because you have no guarantee that the victim will actually destroy the data.
BianLian is known to often join forces with other cybercriminal rings like Makop and rely on affiliates to expand its reach and influence. This means that BianLian can sell the stolen data to other ransomware agents and groups, even after their ransom demands are met.
This leads to even more extortion events down the line, sometimes months later, with the victim not knowing where the leak comes from. However, the ultimate decision remains with the victim.