• Home
  • News
  • Infamous BianLian Ransomware Hits 2 More

Infamous BianLian Ransomware Hits 2 More

Miklos Zoltan

By Miklos Zoltan . 26 January 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

BianLian is responsible for the infiltration 2 US entities, operating in the law and financial field, respectively. The 2 are NOVA Business Law Group and The Wiser Financial Group.

  • Of the 2, NOVA Business Law Group appears to be the most affected
  • BianLian appears to have secured close to 900 GB of data, which would be a record in the ransomware bubble
  • Neither of the victims commented on the recent events, so there’s no telling how the negotiations go
  • BianLian is known for its aggressiveness, both in cyber-hacking MO and in negotiations

The organization is infamous for its predilection for high-profile targets. BianLian has been known to strike at a wide range of targets throughout the years, but it prefers large companies. This is due to the higher payout in case the victim does pay the ransom.

BianLian also gathered notoriety for asking for abnormally high ransoms and being pretty rigid in negotiations. This causes many victims to prefer public data leak than pay an exorbitant fee in exchange for the decryption key.

X showing the BianLian attack on the 2 victims
https://twitter.com/FalconFeedsio/status/1750414332868083911

BianLian tends to stick to the standard double-extortion method, encrypting the victims’ data and cloning and downloading it for blackmailing reasons. But the group doesn’t always go that route. In some cases, the actor only downloads the data.

It doesn’t encrypt it on the parent system, either because it can’t or because it doesn’t deem it to be necessary. If the data collected in compromising enough, the victim may choose to pay the ransom to make sure it doesn’t leak to the public.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Who Is BianLian?

The organization’s identity and structure are still uncertain at this point. What is known is the group’s path since inception. BianLian first became visible in the public space as early as 2019, when it started as a banking Trojan.

The very first iterations reached the public sphere in 2019, but the actor became a ransomware threat in its own rights in 2022. Since then, BianLian was involved in numerous attacks with varying frequency. US appears to the be main target.

The organization performed more than 60% of its operations on US soil.

Specialists recommend prevention as the main tool against BianLian and other ransomware. This includes upgrading the defense systems, using 2-step identification forms, and even contracting the services of a specialist.

When it comes to the ransoms themselves, specialists recommend a no-negotiation approach. Paying the ransom incentivizes attackers to stay in business.

Leave a Comment