• Home
  • News
  • BianLian Ransomware Targets US-Based Enterprise

BianLian Ransomware Targets US-Based Enterprise

Miklos Zoltan

By Miklos Zoltan . 16 January 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

The supposedly Chinese ransomware group BianLian reached US recently, targeting Republic Shipping Consolidators. This is a high-profile shipping actor with global reach, involved in Ocean and Air Fright services across the US, Nicaragua, Asia, and Europe.

  • The attack managed to breach the company’s defenses, freezing its operations and causing an undisclosed data leak
  • BianLian posted about the attack on their private network, but they didn’t specify the ransom, the amount of data they’ve seized, or any other detail
  • It’s unknown whether the victim decided to pay or opted for handling the problem on their own
  • BianLian is an old ransomware actor dating back to 2019, when its first Android version came out

This recent attack falls in line with the cyber-threat actor’s usual MO. BianLian usually attacks high-profile targets from a variety of fields. These include healthcare, finances, government, education, law, and many others.

The fact that the group is so fearless and indiscriminate suggests that the organization is well financed and extremely powerful. This theory is also supported by BianLian’s ability to upgrade its systems and tools faster than any other ransomware actor.

Tweet showing the BianLian attack on Republic Shipping Consolidators
https://twitter.com/FalconFeedsio/status/1746787761942892875

As recent investigation shows, this is one of the organization’s main strengths: its ability to keep up with the trends and upgrade its tactics and attack vectors accordingly. The group’s operating code is constantly under change.

This type of adaptability recommends BianLian as one of the most powerful organizations in the cyber-criminal world. Despite its active profile, the organization’s structure and operating ladder remains anonymous at this time.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Who Is BianLian?

The group began operating at a low level in 2019, when its first Android iteration came out. However, the program took its current form in July of 2022, when it eventually became rampant and made a name for itself.

BianLian has been using the double-extortion MO since the beginning and with great success according to the latest statistics. It’s unclear how many victims chose to pay the ransom vs. fighting the attacker on their own.

But this is standard with most attacks, as ransomware victims rarely admit to paying the ransom, since this paints them as vulnerable targets who are willing to pay. BianLian follows the typical Asian trend of using tell-telling names to inspire fear.

BianLian alludes to the Chinese art of face changing, which is a traditional form of entertainment. This name is symbolic for the organization’s rapid and effective adaptability and willingness to constantly upgrade and improve its systems and MOs.

Miklos Zoltan
Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Miklos Zoltan
  • Connect with the author:

Leave a Comment