Bian Lian reaches the US to break into another hospital’s system. The infamous ransomware gang posted the evidence about the attack today, along with a few words on the victim’s profile and history.
Bian Lian is a veteran in the ransomware sphere, with evidence of cyber attacks dating back to 2021. However, the cybercriminal gang didn’t really take off until the start of 2022. Since then, the organization earned its spot in the top 10 of the most active extortion rings.
The group finds targets in all industries but prefers healthcare, manufacturing, and legal services for higher financial returns. The healthcare sphere is particularly vulnerable due to operating under delicate conditions.
Hospitals can’t have their systems off for too long because this will potentially put lives at risk. Bian Lian will gladly exploit this vulnerability, which is why they prioritize hospitals above all else.
Bian Lian appears to be connected to the Makop ransomware group, although nothing has been confirmed so far. The suspicions come from a custom .NET tool that both organizations are using.
While Bian Lian was initially using the double-extortion practice (encrypt the victim’s systems and steal data) to force negotiations, they’ve now eliminated the encryption. This is presumably due to the higher costs associated with the procedure.
If every precaution has failed and you’ve been infiltrated, you have 2 options at your disposal: negotiate or don’t. Experts warn against negotiating with the hackers because that only incentivizes them to continue their operations.
Plus, paying the ransom doesn’t guarantee anything. It doesn’t guarantee that the hackers will decrypt your files or that they won’t share your data with other ransomware rings. This is also true for Bian Lian.
Bian Lian no longer uses the double-extortion practice, which means that their financial returns are expectedly smaller now. That being said, there are workarounds to consider, and Bian Lian definitely considers them.
Because they no longer have the leverage of the decryption key to use during negotiations, they might seek to make money elsewhere. And what better way to do that than sell the stolen data to other ransomware gangs?
This explains why many ransomware victims are often contacted by different ransomware groups, sometimes months apart. This can understandably lead to massive financial losses over time.
The best course of action is to ignore the perpetrators and alert law enforcement agencies. A recent study showed that up to 75% of organizations worldwide have been hit with at least one ransomware attack during 2023.
Little over 25% of them got hit 4 or 5 times. More importantly, many of them didn’t even report some of these attacks, which deprived law enforcement agencies of valuable data.
To summarize: never negotiate and always alert local law enforcement entities about the event.
We believe security online security matters and its our mission to make it a safer place.