• Home
  • News
  • BianLian Ransomware Targets US-Based Enterprise

BianLian Ransomware Targets US-Based Enterprise

Miklos Zoltan

By Miklos Zoltan . 16 January 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

The supposedly Chinese ransomware group BianLian reached US recently, targeting Republic Shipping Consolidators. This is a high-profile shipping actor with global reach, involved in Ocean and Air Fright services across the US, Nicaragua, Asia, and Europe.

  • The attack managed to breach the company’s defenses, freezing its operations and causing an undisclosed data leak
  • BianLian posted about the attack on their private network, but they didn’t specify the ransom, the amount of data they’ve seized, or any other detail
  • It’s unknown whether the victim decided to pay or opted for handling the problem on their own
  • BianLian is an old ransomware actor dating back to 2019, when its first Android version came out

This recent attack falls in line with the cyber-threat actor’s usual MO. BianLian usually attacks high-profile targets from a variety of fields. These include healthcare, finances, government, education, law, and many others.

The fact that the group is so fearless and indiscriminate suggests that the organization is well financed and extremely powerful. This theory is also supported by BianLian’s ability to upgrade its systems and tools faster than any other ransomware actor.

Tweet showing the BianLian attack on Republic Shipping Consolidators
https://twitter.com/FalconFeedsio/status/1746787761942892875

As recent investigation shows, this is one of the organization’s main strengths: its ability to keep up with the trends and upgrade its tactics and attack vectors accordingly. The group’s operating code is constantly under change.

This type of adaptability recommends BianLian as one of the most powerful organizations in the cyber-criminal world. Despite its active profile, the organization’s structure and operating ladder remains anonymous at this time.

Who Is BianLian?

The group began operating at a low level in 2019, when its first Android iteration came out. However, the program took its current form in July of 2022, when it eventually became rampant and made a name for itself.

BianLian has been using the double-extortion MO since the beginning and with great success according to the latest statistics. It’s unclear how many victims chose to pay the ransom vs. fighting the attacker on their own.

But this is standard with most attacks, as ransomware victims rarely admit to paying the ransom, since this paints them as vulnerable targets who are willing to pay. BianLian follows the typical Asian trend of using tell-telling names to inspire fear.

BianLian alludes to the Chinese art of face changing, which is a traditional form of entertainment. This name is symbolic for the organization’s rapid and effective adaptability and willingness to constantly upgrade and improve its systems and MOs.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment