BianLian Ransomware Targets 2 in Recent Attack

By Miklos Zoltan . 28 January 2024

BianLian, one of the most infamous ransomware organizations today, has targeted 2 more victims on US soil. The operation resulted in the infiltration of 2 American companies, Cislo & Thomas and Image Craft.

  • The 2 victims are companies with a history in the law and entertainment field and in visual communications, respectively
  • BianLian posted evidence of the attack on its private network, giving the victims a deadline to begin negotiations
  • As is the case with ransomware attacks, if the victims refuse to pay, the stolen data will be leaked publicly
  • Neither of the 2 companies involved in the attack has commented on the events

BianLian currently ranks as a highly aggressive and adaptable ransomware actor, though it is not as active as other ransomware groups. Unlike most organizations, BianLian prefers to keep a low profile and research its targets carefully before striking.

This is a good strategy if you want to preserve resources and avoid the spotlight as much as possible. The organization also puts a lot of emphasis on stealth and flying under the radar in terms of evading investigative organizations.

This MO is antithetical to the common spray-and-pray approach that many ransomware actors resort to. In that case, the goal is to prioritize quantity over quality.

BianLian is more methodical and surgical than that, which, alongside the organization’s tendency to upgrade its systems and approaches and evolve its tactics and strategies, is what makes it so feared in the business.

How BianLian Operates

The organization relies on a multi-stage methodology. BianLian primarily resorts to spear-phishing emails with malicious attachments. This allows the group to expose the victim and exploit its vulnerabilities.

Once infiltrated, BianLian’s primary goal is to render itself invisible. This allows it to operate out of sight and download additional tools to encrypt, clone, and exfiltrate the target data.

The victim’s operating system is soon paralyzed and a note is dropped. The note informs the victim of the attack and provides an access code that they can use to contact a BianLian representative.

BianLian’s TOR website contains a very well-structured sheet with its victims, separated into distinct categories based on their industry. The organization hits indiscriminately, targeting governmental institutions, manufacturing businesses, financial agencies, etc.

The US appears to be the primary target, with close to 60% of the attacks taking place on American soil. The UK, Canada, India, and Australia come next, followed by Sweden, Germany and Austria.

BianLian is a world-renowned cybercriminal organization with global reach and a scary reputation. And it seems like it’s here to stay.

