3 companies fell victim to BianLian recently after aggressive ransomware attacks. BianLian posted evidence of the attacks on its public TOR website, but didn’t give away any details regarding the status of the ransom or the negotiations in effect.
BianLian currently ranks as one of the most adaptable and innovative cybercriminal organizations. The ransomware actor constantly evolves and upgrades its systems, which allows it to stay one step ahead of its targets.
Based on the actor’s general MO, it is presumed that the negotiations are rough. BianLian usually goes for large ransoms and is generally unbending when it comes to negotiations. This means that its pay rate isn’t great.
This doesn’t matter too much, so long as some victims pay, given that the ransoms are so inflated. If the victim chooses not to pay, BianLian leaks the stolen data online or sells it if it decides it’s too valuable to share for free.
This can sometimes impact the victims more severely than paying the ransom would.
The organization’s true identity and internal structure are unknown, which is rather surprising given the group’s history and age. While BianLian first became active under its current name in 2022, traces of its code were discovered as early as 2019.
The actor’s evolution soon took off, with BianLian being involved in hundreds of hits over the years. The organization’s very name stands as evidence of its abilities and general profile.
BianLian alludes to the ancient Chinese art of “face-changing”, which is fitting, given the group’s predilection for adapting its tactics and approaches constantly. This approach keeps BianLian at the top of its game, allowing it to circumvent most defenses.
Unlike most ransomware actors, though, BianLian doesn’t always encrypt the victim’s data, especially if the victim is a high-profile public or private institution. Instead, it will rely on the victim’s reputation to extort money from it.
When dealing with small and medium-sized corporations, BianLian opts for cloning and encrypting the data instead. This sometimes forces the victim to pay for the decryption key if they can’t restore their systems otherwise.