May 16, 2023

BianLian Ransomware Gaining Prominence

May 16, 2023

What we know so far

This joint cybersecurity advisory by the FBI, CISA, and ACSC aims to share information about the BianLian ransomware and data extortion group. BianLian is a cybercriminal group that has targeted organizations in critical infrastructure sectors in the US and Australia since June 2022. They gain access to victim systems using valid Remote Desktop Protocol (RDP) credentials and employ open-source tools and command-line scripting for discovery and credential harvesting. Victim data is exfiltrated through File Transfer Protocol (FTP), Rclone, or Mega, and the group extorts money by threatening to release the data if payment is not made. The advisory provides mitigation recommendations to help critical infrastructure organizations and small- to medium-sized organizations reduce the likelihood and impact of BianLian and other ransomware incidents.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories