BianLian Breaches 2

By Bogdan Pătru . 20 April 2024

Tech Writer

Fact-Checked this

BianLian hackers announced 2 more victims today, JE Owens & Company and Western Saw, Inc. These are both US-based institutions with decades-rich history and immense recognition.

BianLian currently qualifies as one of the most effective and versatile ransomware gangs in the world
The group’s name comes from the ancient Chinese form of art that involved face-changing, which is quite telling of BianLian’s rapid adaptation and evolving
Neither of the 2 victims has commented on the attacks, so it’s unclear what their response will be
Based on how most ransomware victims choose to act, they will most likely refuse to negotiate with the hackers, but nothing is for certain

BianLian ranks as a highly adaptable and competent ransomware entity, working with knowledgeable operators on a global scale. The infamous actor prefers to target US-based entities and specifically aims for high-value targets, especially lately.

This wasn’t always the case, as the organization has evolved dramatically over time, after starting as an Android Trojan in 2019. It took 3 years for the group to evolve to the ransomware status, where it remained to this day.

Its tactics also changed with time, slowly upgrading from simple ransomware demands to the more intricate double-extortion practice. Currently, BianLian doesn’t rank as a RaaS service.

X showing the BianLian attack on the two victims — https://twitter.com/FalconFeedsio/status/1781269009054253108

The double-extortion practice is both annoying and more damaging than the standard ransomware breach. The tactic involves encrypting the victim’s system and stealing valuable data on top of that.

The victim needs to pay for the decryption key and for the deletion of the leaked data. Naturally, the victim has no way of verifying whether the hackers have kept their word regarding the latter. Which is why the standard advice is to never negotiate.

What Do We Know About BianLian?

Other than the fact that it’s a ransomware gang and a brief history of its accomplishments and progress, we don’t know much. BianLian evolved slowly over time, but has gained a lot of kick recently, especially throughout 2023.

The gang appears to work with highly competent and knowledgeable operators and likes to keep its cards close to its chest. Which is why it doesn’t offer RaaS (Ransomware-as-a-Service) services.

The group targets primarily high-value targets and often demands exorbitant ransoms. The hackers try to maximize their profits with every operation, especially since they don’t usually target multiple institutions at the same time.

It’s also worth mentioning that BianLian often extracts a lot of data, presumably in an effort to maximize their gains. In one such case, the hackers were able to steal 700 GB-worth of data from an undisclosed victim.

In such cases, the hackers will most likely make a profit even if the victim doesn’t pay the ransom. That’s because they typically sell the data on the Dark Web to other cybercriminal gangs. Which, naturally, spells disaster for the victim.

However, experts warn that paying the ransom or negotiating with the hackers doesn’t change much in this sense. They will most likely do the same even if the victim does pay. Hence, why most experts recommend adopting a no-negotiation policy.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

What Do We Know About BianLian?

Our Mission

Bogdan Pătru

Leave a Comment Cancel