Ransomware

BianLian

First seen: 2022-06 • Status: active

Currently Active Threat

BianLian stopped encrypting files and just steals data now. They threaten to publish your stolen information unless you pay.

Overview

BianLian shifted from encryption-based attacks to pure data extortion. They steal data without encrypting files and threaten to publish it.

Also Known As

Bian Lian

How It Spreads

  • RDP exploitation
  • VPN vulnerabilities
  • Valid credentials

What It Does

  • Data exfiltration
  • Extortion without encryption

Target Platforms

Windows, Linux

Detection Tips

  • Monitor for data exfiltration
  • Watch for BianLian techniques

MITRE ATT&CK Techniques

T1567, T1021, T1078

If You're Infected

  1. Assess what data was stolen
  2. Prepare for potential data leak

Related Malware

Blackcat, Clop
