1. Forum
  2. FidoNet
  3. POLITICS

  • One of the nastiest ranso

    From Mike Powell@1:2320/105 to All on Fri Nov 22 10:24:00 2024
    One of the nastiest ransomware groups around may have a whole new way of
    doing things

    Date:
    Fri, 22 Nov 2024 14:02:00 +0000

    Description:
    Encryptors appear to be going obsolete, with BianLian switching to pure theft.

    FULL STORY

    The infamous BianLian ransomware group has stopped deploying an encryptor on victim devices, and now focuses exclusively on data exfiltration, an updated security advisory from the US Cybersecurity and Infrastructure Security
    Agency (CISA), and partner agencies has warned.

    CISA, alongside the FBI and Australian Cyber Security Centre, first published an in-depth report on BianLian in May 2024 as part of its #StopRansomware effort, detailing the groups techniques, tactics, and procedures, but this
    has now been updated with new information, including the changes to the
    groups modus operandi.

    As it turns out, BianLian no longer encrypts the information on the endpoints of its victims. Rather, it just steals the data, and then demands payment in exchange for not leaking it to the public.

    BianLian following the trends

    This is a change that the cybersecurity community has been warning about for quite some time now, and BianLian is hardly the only group that is no longer deploying the encryptor.

    As it turns out, developing, maintaining, and deploying the encryption
    software is too tedious, too cumbersome, and too expensive. In terms of money extortion, simple data exfiltration yields the same results, anc crooks are taking notice.

    The agencies also say BianLian is a Russian actor, based in the country, and with Russian affiliates. If the name threw you off, and made you think the group is likely Chinese (or elsewhere in the far East, for that) - that is intentional.

    The reporting agencies are aware of multiple ransomware groups, like
    BianLian, that seek to misattribute location and nationality by choosing foreign-language names, almost certainly to complicate attribution efforts,
    the report claims.

    In the past, the group was observed targeting organizations in the US
    critical infrastructure sector, and private enterprises in Australia.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/one-of-the-nastiest-ransomware-groups-a round-may-have-a-whole-new-way-of-doing-things

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)