CISA Advisory

BianLian Ransomware Advisory

AA23-144A • Published May 24, 2023

Severity: high

BianLian is a ransomware gang that changed tactics. Instead of locking your files, they now just steal them and threaten to post them online unless you pay. This means having good backups is not enough - you need to prevent the initial break-in.

Overview

Joint advisory on BianLian ransomware group targeting critical infrastructure. BianLian has shifted from encryption to pure data extortion, threatening to release stolen data.

Who Is At Risk

  • Healthcare sector
  • Professional services
  • Manufacturing
  • Critical infrastructure
  • Financial services

Immediate Actions

  1. Implement strict access controls
  2. Monitor for data exfiltration
  3. Disable command-line tools for standard users
  4. Implement application allowlisting
  5. Enable PowerShell logging
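
One way to check action 5 on a Windows host, as an added example that is not part of the advisory: the script reads the Group Policy registry locations for script block logging, module logging and transcription, and the state of the PowerShell operational event log. It assumes the settings are delivered through policy (the HKLM Policies hive); the variable names are illustrative.

```powershell
# Added example: audit PowerShell logging policy on the local machine.
# Assumption: logging is configured through Group Policy registry values.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$checks = @(
    @{ Name = 'Script block logging'; Key = "$base\ScriptBlockLogging"; Value = 'EnableScriptBlockLogging' },
    @{ Name = 'Module logging';       Key = "$base\ModuleLogging";      Value = 'EnableModuleLogging' },
    @{ Name = 'Transcription';        Key = "$base\Transcription";      Value = 'EnableTranscripting' }
)

$results = foreach ($c in $checks) {
    # A missing key or value means the policy is not configured.
    $item = Get-ItemProperty -Path $c.Key -Name $c.Value -ErrorAction SilentlyContinue
    $enabled = ($null -ne $item) -and ($item.($c.Value) -eq 1)
    $note = ''

    if ($enabled -and $c.Name -eq 'Module logging') {
        # Module logging records nothing unless at least one module name (or *) is listed.
        $names = Get-Item -Path "$($c.Key)\ModuleNames" -ErrorAction SilentlyContinue
        if (($null -eq $names) -or ($names.ValueCount -eq 0)) {
            $enabled = $false
            $note = 'ModuleNames list is empty'
        }
    }
    if ($enabled -and $c.Name -eq 'Transcription') {
        # Report where transcripts are written so the location can be protected and collected.
        $dir = (Get-ItemProperty -Path $c.Key -Name 'OutputDirectory' -ErrorAction SilentlyContinue).OutputDirectory
        $note = if ($dir) { "OutputDirectory: $dir" } else { 'OutputDirectory not set (per-user default)' }
    }
    [pscustomobject]@{ Policy = $c.Name; Enabled = $enabled; Note = $note }
}

# Script block events (ID 4104) land in this log; it must be enabled and large enough to retain them.
$log = Get-WinEvent -ListLog 'Microsoft-Windows-PowerShell/Operational' -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Policy  = 'Operational event log'
    Enabled = [bool]($log -and $log.IsEnabled)
    Note    = if ($log) { "Max size: $([math]::Round($log.MaximumSizeInBytes / 1MB)) MB" } else { 'Log not found' }
}

$results | Format-Table -AutoSize

# Non-zero exit code when any check fails, so the script can run from a compliance job.
if ($results | Where-Object { -not $_.Enabled }) { exit 1 }
```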

Official Source

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
