BianLian, one of the most infamous ransomware organizations today targets 2 more on US soil. The operation resulted in the infiltration of 2 American companies, Cislo & Thomas and Image Craft.
BianLian currently ranks as a highly aggressive and adaptable ransomware actor, but not as active as other ransomware groups. Unlike most organizations, BianLian prefers to keep a low profile and research their targets carefully before striking.
This is a good strategy if you want to preserve resources and avoid the spotlight as much as possible. The organization also puts a lot of emphasis on stealth and flying under the radar in terms of evading investigative organizations.
This MO is antithetical to the common spray-and-pray that many ransomware actors resort to. In that case, the goal is to prioritize quantity over quality.
BianLian is more methodical and surgical than that, which is what makes it so feared in the business. Alongside with the organization’s tendency to upgrade its systems and approaches and evolve its tactics and strategies.
We believe security online security matters and its our mission to make it a safer place.
The organization relies on a multi-stage methodology. BianLian primarily resorts to spearfishing emails with malicious attachments. This allows the group to expose the victim and exploit its vulnerabilities.
Once infiltrated, BianLian’s primary goal is to render itself invisible. This allows it to operate out of sight and download additional tools to encrypt, clone, and exfiltrated the target data.
The victim’s operating system is soon paralyzed and a note is dropped. The note informs the victim of the attack and provides an access code that they can use to contact a BianLian representative.
BianLian’s TOR website contains a very well-structured sheet with its victims, separated on distinct categories, based on their industry. The organization hits indiscriminately, targeting governmental institutions, manufacturing businesses, financial agencies, etc.
The US appears to be the primary target, with close to 60% of the attacks taking place on American soil. UK, Canada, India, and Australia come next, followed by Sweden, Germany and Austria.
BianLian is a world-renown cybercriminal organization with global reach and a scary reputation. And it seems like it’s here to stay.