The BianLian ransomware group has added a new victim to their list. The target is Consolidated Benefits Resources, a claims administrator for the Oklahoma workers. The hackers didn’t detail anything aside from the fact that they had breached the target.
Despite being active for over 2 years, BianLian has increased its public visibility considerably over the past year. 2023 ranks as the busiest and most active year for the BianLian hackers, and 2024 doesn’t look to land very far.
According to experts, BianLian typically exploits Remote Desktop Protocol credentials after successful phishing attacks. The primary MO is rather standard for the industry, but what comes after caries more of BianLian’s profile.
The ransomware actor is extremely effective at handpicking its targets after careful consideration and covering its tracks along the way. BianLian is very difficult to detect until it’s already too late. This gives victims no other option but to accept that they’ve been exposed.
If negotiations are not successful, BianLian will publish the victim’s data on the Dark Web. This can cause an array of problems, including other cybercriminal organizations using the data for future breaches and attacks.
BianLian’s fear factor comes from its methodical attack method. Unlike the standard spray-and-pray technique that most ransomware actors employ, BianLian is more calculated when choosing its victims.
The reasoning behind that has to do with limited resources and increasing the chance of a successful breach. BianLian is also extremely cautious, doing everything in its power to shield itself from scrutiny and cover its tracks.
This is especially necessary in an era when the FBI, along with other law enforcement agencies across the globe, has started to crack down on major ransomware actors. Lockbit is but one example, as the FBI supposedly dismantled it at the end of February 2024.
Supposedly, because Lockbit appears to be still active today, despite all the heat it got.
BianLian is also feared due to its willingness to upgrade its tactics and systems constantly, both to increase its effectiveness and boost its stealth factor. This explains why the group is still operating today with no impunity.
It’s also important to note that BianLian’s taste in victims has changed over time. Starting with Q2 of 2023, the group has started to attack larger and more resourceful companies, including state-owned businesses or institutions.
This may be a sign that the ransomware actor is confident enough that it can now cover its tracks effectively. And that its tools and systems are now better fitted to handle high-value targets. Whatever the case may be, BianLian is definitely one to keep a close eye on.
If you think you qualify as a target, contact cybersecurity experts to discuss your options and work on your defenses.
We believe security online security matters and its our mission to make it a safer place.