Stung by Free Decryptor, Ransomware Group Embraces Extortion



BianLian Follows in Karakurt’s Footsteps by Moving Away From Crypto-Locking Malware


March 22, 2023    

Ransomware group BianLian, which takes its name from the ancient Chinese face-changing drama, has found a new face. (Image: Shutterstock)

Not all ransomware groups wield crypto-locking malware. In their continuing quest for extortionate profits, some have moved away from encryption and pressure victims purely by threatening to leak stolen data unless they receive a ransom payment.



This seems to have been the case for BianLian, a prolific ransomware group that emerged in the summer of 2022. At that point, threat intelligence firm Cyble reported the group was known for executing rapid-encryption attacks, especially against the media and entertainment sectors, as well as healthcare, energy and utilities, among others.


The group’s name refers to “bian lian” – an ancient Chinese dramatic art in which characters’ faces change in the blink of an eye. It’s apparently a reference to the speed of the group’s encryption.


Czech cybersecurity firm Avast threw a wrench in the group’s works in January by releasing a free decryptor for victims of the ransomware.


This didn’t go unnoticed by BianLian. “If you have questions about Avast’s decryptor, you need to know that for each company we create an unique key,” the criminals said in a snarky, grammatically incorrect message posted to their site dedicated to naming victims and leaking stolen data….
