Avast posts decryptor for the BianLian ransomware
January 17, 2023 – Published on SC Magazine
Researchers at Avast on Monday released a decryptor for the BianLian ransomware, posting it on a blog for public download.
The researchers said the BianLian ransomware emerged in August 2022 and raised the threat bar by encrypting files at high speeds. The threat group performed targeted attacks in many different industries, including media and entertainment, manufacturing and the healthcare sector.
According to the researchers, upon execution BianLian searches all available disk drives (from A: to Z:). On each drive it finds, it then searches all files and encrypts those whose file extensions match one of the 1,013 extensions hardcoded in the ransomware’s binary.
Drew Schmitt, lead analyst at GuidePoint’s research and intelligence team (GRIT), pointed out that BianLian was the seventh most active double extortion ransomware group in 2022, despite its operations beginning in summer 2022. Schmitt said GRIT found that BianLian claimed 76 public victims, accounting for 3% of the total ransomware victims in 2022.
“Beginning in late-November through the end of 2022, the group has averaged one new public victim each day, which may be a result of maturing their processes and/or adding new members to their team,” said Schmitt. “Although BianLian has become well-known in 2022, their methods show signs of an inexperienced group including leveraging a less sophisticated leak site and utilizing chat applications such as Tox for conducting their negotiations. BianLian is also generally more aggressive in their negotiation tactics, starting most negotiations with very high ransom demands.”