The US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and others have issued a joint alert, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks.
BianLian, which has been targeting different industry sectors since June 2022, is a ransomware developer, deployer and data extortion group which has predominantly targeted enterprises.
In recent months the group’s attack model has changed from one in which financial, business, client, and personal data was exfiltrated for leverage and victims’ systems were then encrypted, to one which primarily steals data while leaving systems intact.
Following a typical attack, the BianLian group will threaten that their corporate victim will suffer financial, business, and legal consequences if a ransom payment is not made.
Organisations are urged to lock down RDP, disable command-line and scripting activities and permissions, restrict the use of PowerShell, ensure that only the latest version of PowerShell is installed, and ensure that enhanced logging is enabled.
Key points:
– BianLian ransomware has been targeting different industry sectors since June 2022.
– The group’s attack model has changed from one in which data was exfiltrated for leverage and victims’ systems were then encrypted, to one which primarily steals data while leaving systems intact.
– The BianLian group will threaten that their corporate victim will suffer financial, business, and legal consequences if a ransom payment is not made.
– Organisations are urged to lock down RDP, disable command-line and scripting activities and permissions, restrict the use of PowerShell, ensure that only the latest version of PowerShell is installed, and ensure that enhanced logging is enabled.
– Companies are advised not to give in to the extortion demands as there can be no guarantee that exfiltrated files will not still be published or sold to other criminals.
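A read-only audit of the RDP and PowerShell settings named in the mitigation advice above, as an added example that is not part of the alert or of this article. The registry locations are the standard Windows policy keys. Treating "enhanced logging" as script block, module and transcription logging, and "only the latest version" as the PowerShell 2.0 engine being disabled, are assumptions made for the example.

```powershell
# Added example: read-only audit, changes nothing. Run elevated on the host to check.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Check {
    param([string]$Check, $Actual, $Expected, [string]$Note)
    [pscustomobject]@{
        Check    = $Check
        Actual   = if ($null -eq $Actual) { 'not set' } else { $Actual }
        Expected = $Expected
        Pass     = ($Actual -eq $Expected)
        Note     = $Note
    }
}

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# The PowerShell 2.0 engine predates script block logging.
# Assumption: feature name as used on Windows 10/11 clients.
$v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root `
        -ErrorAction SilentlyContinue
$v2State = if ($v2) { "$($v2.State)" } else { 'NotFound' }

$results = @(
    New-Check 'RDP connections denied' (Get-RegValue $ts 'fDenyTSConnections') 1 `
        'If RDP is required, restrict who can reach it instead'
    New-Check 'RDP requires NLA' (Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication') 1 `
        'Network Level Authentication before session setup'
    New-Check 'Script block logging' (Get-RegValue "$pol\ScriptBlockLogging" 'EnableScriptBlockLogging') 1 `
        'Event ID 4104 in the PowerShell Operational log'
    New-Check 'Module logging' (Get-RegValue "$pol\ModuleLogging" 'EnableModuleLogging') 1 `
        'Event ID 4103 in the PowerShell Operational log'
    New-Check 'Transcription' (Get-RegValue "$pol\Transcription" 'EnableTranscripting') 1 `
        'Transcripts should go to a write-only share'
    New-Check 'PowerShell 2.0 engine' $v2State 'Disabled' `
        'NotFound: feature absent or session not elevated'
)

$results | Format-Table -AutoSize -Wrap
"Running PowerShell version: $($PSVersionTable.PSVersion)"
```

A "not set" result for a logging check means the policy is unconfigured on that host, which in practice leaves that logging off.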