BianLian is responsible for the infiltration of 2 US entities, operating in the law and financial fields, respectively. The 2 are NOVA Business Law Group and The Wiser Financial Group.
The organization is infamous for its predilection for high-profile targets. BianLian has been known to strike at a wide range of targets throughout the years, but it prefers large companies. This is due to the higher payout in case the victim does pay the ransom.
BianLian also gathered notoriety for asking for abnormally high ransoms and being pretty rigid in negotiations. This causes many victims to prefer a public data leak to paying an exorbitant fee in exchange for the decryption key.
BianLian tends to stick to the standard double-extortion method, encrypting the victims’ data and cloning and downloading it for blackmailing reasons. But the group doesn’t always go that route. In some cases, the actor only downloads the data.
It doesn’t encrypt it on the parent system, either because it can’t or because it doesn’t deem it to be necessary. If the data collected is compromising enough, the victim may choose to pay the ransom to make sure it doesn’t leak to the public.
The organization’s identity and structure are still uncertain at this point. What is known is the group’s path since inception. BianLian first became visible in the public space as early as 2019, when it started as a banking Trojan.
The very first iterations reached the public sphere in 2019, but the actor became a ransomware threat in its own right in 2022. Since then, BianLian has been involved in numerous attacks with varying frequency. The US appears to be the main target.
The organization performed more than 60% of its operations on US soil.
Specialists recommend prevention as the main tool against BianLian and other ransomware. This includes upgrading the defense systems, using 2-step identification forms, and even contracting the services of a specialist.
When it comes to the ransoms themselves, specialists recommend a no-negotiation approach. Paying the ransom incentivizes attackers to stay in business.