#StopRansomware: BianLian Data Extortion Group

Summary

Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

Note: This advisory, originally published May 2023, was updated November 20, 2024, with additional TTPs obtained as of June 2024 through FBI and ASD’S ACSC investigations and industry threat intelligence.

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ASD’S ACSC investigations.

(New, November 20, 2024) The reporting agencies are aware of multiple ransomware groups, like BianLian, that seek to misattribute location and nationality by choosing foreign-language names, almost

Please click here to read more detail