BianLian
BianLian is a cybercriminal ransomware group, presumably based in Russia, which has targeted Critical National Infrastructure (CNI) in the US and private enterprises in Australia and the UK since June 2022,[1][2][3][4] specializing since 2023 in encryption-based extortion.[5][3] (It had previously used the more labor-intensive double-extortion model.) The group gains access to systems using valid Remote Desktop Protocol (RDP) credentials.[6][3] On 20 November 2024, the FBI, the United States' Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint security advisory concerning the BianLian group.[6][3] Such has been its notoriety that on 6 March 2025 the FBI and its Internet Crime Complaint Center (IC3) issued an advisory bulletin about unknown actors claiming to be BianLian.[7]
See also
- Conti (ransomware)
References
- [1] Coker, James (November 21, 2024). "BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk". https://www.infosecurity-magazine.com/news/bianlian-ransomware-new-tactics/.
- [2] "BianLian cyber gang drops encryption-based ransomware | Computer Weekly". https://www.computerweekly.com/news/366616318/BianLian-cyber-gang-drops-encryption-based-ransomware.
- [3] "#StopRansomware: BianLian Data Extortion Group". 2024-11-20. https://www.cisa.gov/sites/default/files/2024-11/aa23-136a-joint-csa-stopransomware-bianlian-ransomware-group.pdf.
- [4] "BianLian ransomware claims attack on Boston Children's Health Physicians". https://www.bleepingcomputer.com/news/security/bianlian-ransomware-claims-attack-on-boston-childrens-health-physicians/.
- [5] "CISA says BianLian ransomware now focuses only on data theft". https://www.bleepingcomputer.com/news/security/cisa-says-bianlian-ransomware-now-focuses-only-on-data-theft/.
- [6] "Advisory warns of activity by BianLian ransomware group | AHA News". https://www.aha.org/news/headline/2024-11-21-advisory-warns-activity-bianlian-ransomware-group.
- [7] "Internet Crime Complaint Center (IC3) | Mail Scam Targeting Corporate Executives Claims Ties to Ransomware". https://www.ic3.gov/PSA/2025/PSA250306-2.
