This cybercriminal gang will no longer use any tricks to extort money using your personal data
The ransomware group known as BianLian has decided to part ways with its encryptors and instead focus solely on data theft and extortion, experts are reporting.
A new report from cybersecurity researchers Redacted has found BianLian is trying to blackmail businesses – without encrypting their endpoints first.
Researchers are now speculating as to what prompted BianLian to change course, with two scenarios emerging as the most likely.
The decryptor is released
“The team promises that once paid, they will not disclose the stolen data or otherwise reveal the fact that the victim organization was breached. BianLian makes these guarantees based on the fact that their “business” depends on their reputation,” Redacted says in its analysis.
“In a number of cases, BianLian addressed the legal and regulatory issues victims would face if they went public that the organization had been breached. The group also went so far as to include specific references to subsections of certain laws and regulations.”
The researchers also found that the laws and regulations that BianLian referred to were often localized and highly relevant to the victim. That led them to conclude that the group was looking to improve its negotiating skills to get as much money as possible.
The researchers offered two possible explanations for why the group decided to get rid of the encryptor. The first is that the group realized that infecting endpoints with ransomware and running the entire operation was too time-consuming, too costly, and ultimately redundant. With the right extortion skills, data theft is enough for a successful attack.
The second is that the group has not adapted properly since Avast released a free decryptor in January of this year. When that happened, the threat actor said that the decryptor did not cause it any trouble because it only works on older versions of the ransomware and will actually corrupt files encrypted by newer versions.
As of a week ago, BleepingComputer reports, BianLian has nearly 120 victims on its extortion portal. The majority (71%) are based in the United States.
Via: BleepingComputer