BianLian Targets Five In A Recent Coordinated Attack

By Miklos Zoltan . 11 February 2024

Founder - Privacy Affairs

Fact-Checked this

BianLian infected five private companies recently, four from US and one from Sweden. The attacks appear coordinated and calculated, as it typically is the case with BianLian operations.

Two of the victims are in the health industry, one operates in IT, and the other one is in the shoe manufacturing business
The victims have declined any public comment, so it’s unclear how damaging the attacks have been
BianLian didn’t threaten to publish any of the victim’s data, so it is presumed that the negotiations are still ongoing
The organization has been on an increasing trend in terms of attack frequency

BianLian isn’t as visible as other ransomware actors in the public sphere, but its name does pop up occasionally. The organization appears to be very surgical with its attacks, unlike the spray-and-pray tactic employed by most extortion rings.

This gives BianLian the edge in the field, allowing the group to orchestrate more successful attacks that are more likely to turn in meaty ransom rewards. Even so, it’s important to remember that most ransomware victims refuse to pay and even negotiate.

X showing the BianLian attack on the 5 victims — https://twitter.com/FalconFeedsio/status/1756218945538056268

This recent event follows BianLian’s normal trend of attacking indiscriminately across multiple industries. The ransomware actor has a predilection for US-based targets and generally handpicks its victims with great consideration.

BianLian’s most feared characteristic is its malleability in terms of tactics and breach options. Unlike standard ransomware actors, BianLian is known to be one of the most innovative malware agents on the market.

The organization is constantly looking for new ways to surprise its targets to break their defenses and secure as much data as it can. The group will then resort to the standard double-extortion practice to intimidate victims and blackmail them into paying.

BianLian’s Profile and Future Prospects

BianLian currently ranks as a dangerous ransomware actor with great potential and a lot of room for growth. The group is already making waves on the market with some memorable hits, especially in 2023.

One such attack on a Californian hospital allowed BianLian to clone and steal in excess of 1.7 TB of data, which is unheard of in the ransomware business. According to specialists, targeting healthcare institutions puts people’s lives at risk.

But neither BianLian nor any other ransomware entity has ever shown any sign of consideration or remorse. The group is in the business of making money, so that makes sense.

BianLian first emerged in 2022, but it wasn’t particularly active for its first several months. It slowly gained pace, though, and increased its activity, but always on the lower side. When it comes to 2023, BianLian’s richest month was May with 25 attacks.

The rest of the months fell at 10 or less attacks per month, which is on the low end of the spectrum when comparing it with the average. Lockbit, for instance, performed 1-15 attacks per day at times.

As it stands, BianLian is an aggressive and innovative ransomware actor with a promising future ahead of it. Investigation agencies are looking into the infamous extortion ring as we speak, trying to shed light on its structure.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

BianLian Targets Five In A Recent Coordinated Attack

BianLian’s Profile and Future Prospects

Our Mission

Miklos Zoltan

Leave a Comment Cancel