Ransomware Group

BianLian

Status: active • First seen 2022-06150+ known victims

BianLian stopped encrypting files after their encryption was cracked. Now they just steal data and threaten to leak it, which is actually harder to defend against.

Overview

BianLian shifted from encryption to pure data exfiltration and extortion after Avast released a decryptor. They now focus solely on data theft and leak threats.

Target Industries

Healthcare, Manufacturing, Professional Services, Legal

How They Attack

  • RDP exploitation
  • Data exfiltration only
  • Extortion without encryption
  • Leak threats

Notable Victims

Save the Children (2023), Healthcare providers

Is your business exposed?

How to Protect Against BianLian

  1. 1.

    Implement data loss prevention

  2. 2.

    Monitor for large data transfers

  3. 3.

    Secure RDP access

MITRE ATT&CK Techniques

T1021.001, T1567, T1078, T1041

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices