TIP: Click on subject to list as thread! ANSI
echo: politics
to: All
from: Mike Powell
date: 2024-11-22 10:24:00
subject: One of the nastiest ranso
One of the nastiest ransomware groups around may have a whole new way of 
doing things

Date:
Fri, 22 Nov 2024 14:02:00 +0000

Description:
Encryptors appear to be going obsolete, with BianLian switching to pure theft.

FULL STORY

The infamous BianLian ransomware group has stopped deploying an encryptor on
victim devices, and now focuses exclusively on data exfiltration, an updated
security advisory from the US Cybersecurity and Infrastructure Security 
Agency (CISA), and partner agencies has warned. 

CISA, alongside the FBI and Australian Cyber Security Centre, first published
an in-depth report on BianLian in May 2024 as part of its #StopRansomware
effort, detailing the groups techniques, tactics, and procedures, but this 
has now been updated with new information, including the changes to the 
groups modus operandi. 

As it turns out, BianLian no longer encrypts the information on the endpoints
of its victims. Rather, it just steals the data, and then demands payment in
exchange for not leaking it to the public.

BianLian following the trends 

This is a change that the cybersecurity community has been warning about for
quite some time now, and BianLian is hardly the only group that is no longer
deploying the encryptor. 

As it turns out, developing, maintaining, and deploying the encryption
software is too tedious, too cumbersome, and too expensive. In terms of money
extortion, simple data exfiltration yields the same results, anc crooks are
taking notice. 

The agencies also say BianLian is a Russian actor, based in the country, and
with Russian affiliates. If the name threw you off, and made you think the
group is likely Chinese (or elsewhere in the far East, for that) - that is
intentional. 

The reporting agencies are aware of multiple ransomware groups, like 
BianLian, that seek to misattribute location and nationality by choosing
foreign-language names, almost certainly to complicate attribution efforts,
the report claims. 

In the past, the group was observed targeting organizations in the US 
critical infrastructure sector, and private enterprises in Australia.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/one-of-the-nastiest-ransomware-groups-a
round-may-have-a-whole-new-way-of-doing-things

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SOURCE: echomail via QWK@pharcyde.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.