Feds Warn of New BianLian Ransomware Group Attack Profile

November 22, 2024 – Published on DataBreachToday

Russia-based cybercrime gang BianLian has continued to thrive since shifting last year from double extortion strategies to primarily data theft. BianLian is the third most active ransomware gang with a penchant for healthcare, and authorities are warning that the group has adopted new techniques, tactics and procedures.

The FBI and the Cybersecurity and Infrastructure Security Agency, along with the Australian Signals Directorate’s Australian Cyber Security Centre, said in an updated advisory Wednesday that BianLian is now trying to confuse investigators’ attempts to attribute the gang’s attacks, a trick that some other ransomware groups have also tried.

“BianLian is a ransomware developer, deployer and data extortion cybercriminal group, likely based in Russia, with multiple Russia-based affiliates.”

But BianLian seeks “to misattribute location and nationality by choosing foreign-language names, almost certainly to complicate attribution efforts,” the alert said.

BianLian, during the first nine months of 2024, was among the top three most active ransomware groups targeting the healthcare industry, behind LockBit and RansomHub, said Grayson North, senior security consultant at security firm GuidePoint Security.

“BianLian is attributable for 9% of the total healthcare victims year-to-date, and has historically disproportionately impacted healthcare and manufacturing organizations, potentially based on the belief that those in this vertical are more likely to pay a ransom,” he said.
