BianLian Breaches 2

By Bogdan Pătru, Tech Writer. 20 April 2024

Fact-checked by Miklos Zoltan

BianLian hackers announced 2 more victims today, JE Owens & Company and Western Saw, Inc. These are both US-based institutions with decades-rich history and immense recognition.

  • BianLian currently qualifies as one of the most effective and versatile ransomware gangs in the world
  • The group’s name comes from the ancient Chinese art form that involves face-changing, which is quite telling of BianLian’s rapid adaptation and evolution
  • Neither of the 2 victims has commented on the attacks, so it’s unclear what their response will be
  • Based on how most ransomware victims choose to act, they will most likely refuse to negotiate with the hackers, but nothing is for certain

BianLian ranks as a highly adaptable and competent ransomware entity, working with knowledgeable operators on a global scale. The infamous actor prefers to target US-based entities and specifically aims for high-value targets, especially lately.

This wasn’t always the case, as the organization has evolved dramatically over time, after starting as an Android Trojan in 2019. It took 3 years for the group to evolve into a ransomware operation, which it remains to this day.

Its tactics also changed with time, slowly upgrading from simple ransomware demands to the more intricate double-extortion practice. Currently, BianLian doesn’t operate as a RaaS (Ransomware-as-a-Service).

X post showing the BianLian attack on the two victims:
https://twitter.com/FalconFeedsio/status/1781269009054253108

The double-extortion practice is both more annoying and more damaging than the standard ransomware breach. The tactic involves encrypting the victim’s systems and stealing valuable data on top of that.

The victim needs to pay for the decryption key and for the deletion of the stolen data. Naturally, the victim has no way of verifying whether the hackers have kept their word regarding the latter, which is why the standard advice is to never negotiate.

What Do We Know About BianLian?

Other than the fact that it’s a ransomware gang and a brief history of its accomplishments and progress, we don’t know much. BianLian evolved slowly over time, but has gained a lot of momentum recently, especially throughout 2023.

The gang appears to work with highly competent and knowledgeable operators and likes to keep its cards close to its chest, which is why it doesn’t offer RaaS (Ransomware-as-a-Service).

The group targets primarily high-value targets and often demands exorbitant ransoms. The hackers try to maximize their profits with every operation, especially since they don’t usually target multiple institutions at the same time.

It’s also worth mentioning that BianLian often extracts a lot of data, presumably in an effort to maximize its gains. In one such case, the hackers were able to steal 700 GB worth of data from an undisclosed victim.

In such cases, the hackers will most likely make a profit even if the victim doesn’t pay the ransom. That’s because they typically sell the data on the Dark Web to other cybercriminal gangs, which, naturally, spells disaster for the victim.

However, experts warn that paying the ransom or negotiating with the hackers doesn’t change much in this sense. They will most likely do the same even if the victim does pay. Hence, most experts recommend adopting a no-negotiation policy.
