----------------------------------------------------------------------------------
@MSGID: 29393.politicf@1:2320/105 2ba64e24
@TZUTC: -0500
@PID: Synchronet 3.20a-Linux master/acc19483f Apr 26
202 GCC 12.2.0
@TID: SBBSecho 3.20-Linux master/acc19483f Apr 26
2024 23:04 GCC 12.2.0
@BBSID: CAPCITY2
@CHRS: ASCII 1
One of the nastiest ransomware groups around may have a whole new way of
doing things
Date:
Fri, 22 Nov 2024 14:02:00 +0000
Description:
Encryptors appear to be going obsolete, with BianLian switching to pure theft.
FULL STORY
The infamous BianLian ransomware group has stopped deploying an encryptor on
victim devices, and now focuses exclusively on data exfiltration, an updated
security advisory from the US Cybersecurity and Infrastructure Security
Agency (CISA), and partner agencies has warned.
CISA, alongside the FBI and Australian Cyber Security Centre, first published
an in-depth report on BianLian in May 2024 as part of its #StopRansomware
effort, detailing the groups techniques, tactics, and procedures, but this
has now been updated with new information, including the changes to the
groups modus operandi.
As it turns out, BianLian no longer encrypts the information on the endpoints
of its victims. Rather, it just steals the data, and then demands payment in
exchange for not leaking it to the public.
BianLian following the trends
This is a change that the cybersecurity community has been warning about for
quite some time now, and BianLian is hardly the only group that is no longer
deploying the encryptor.
As it turns out, developing, maintaining, and deploying the encryption
software is too tedious, too cumbersome, and too expensive. In terms of money
extortion, simple data exfiltration yields the same results, anc crooks are
taking notice.
The agencies also say BianLian is a Russian actor, based in the country, and
with Russian affiliates. If the name threw you off, and made you think the
group is likely Chinese (or elsewhere in the far East, for that) - that is
intentional.
The reporting agencies are aware of multiple ransomware groups, like
BianLian, that seek to misattribute location and nationality by choosing
foreign-language names, almost certainly to complicate attribution efforts,
the report claims.
In the past, the group was observed targeting organizations in the US
critical infrastructure sector, and private enterprises in Australia.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/one-of-the-nastiest-ransomware-groups-a
round-may-have-a-whole-new-way-of-doing-things
$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 1/120 18/0 50/109 116/17 18 116 123/0 25
180 525 755 3001 3002
SEEN-BY: 135/115 153/7715 154/10 221/1 6 222/2
240/1120 1634 8002 8005 8050
SEEN-BY: 250/1 275/1000 280/464 5003 291/111 301/1
113 123 313/41 335/364
SEEN-BY: 341/66 371/0 467/888 492/0 530/204
712/1321 2320/0 105 304 401
SEEN-BY: 3634/0 12 24 27 56 57 58 5000/111
5005/49 5020/715 846 848 1042 4441
SEEN-BY: 5020/12000 5030/49 1081 5058/104 5061/133
5075/128 5083/444
@PATH: 2320/105 3634/12 240/1120 301/1 5020/1042
4441