• One of the nastiest ransomware groups around may have a whole new

    From TechnologyDaily@1337:1/100 to All on Friday, November 22, 2024 14:15:05
    One of the nastiest ransomware groups around may have a whole new way of
    doing things

    Date:
    Fri, 22 Nov 2024 14:02:00 +0000

    Description:
    Encryptors appear to be going obsolete, with BianLian switching to pure theft.

    FULL STORY ======================================================================CISA updates advisory on BianLian, originally published in May 2024 Agency claims the group is moving away from deploying the encryptor Instead, BianLian exfiltrates sensitive data and threatens to release it

    The infamous BianLian ransomware group has stopped deploying an encryptor on victim devices, and now focuses exclusively on data exfiltration, an updated security advisory from the US Cybersecurity and Infrastructure Security
    Agency (CISA), and partner agencies has warned.

    CISA, alongside the FBI and Australian Cyber Security Centre, first published an in-depth report on BianLian in May 2024 as part of its #StopRansomware effort, detailing the groups techniques, tactics, and procedures, but this
    has now been updated with new information, including the changes to the
    groups modus operandi.

    As it turns out, BianLian no longer encrypts the information on the endpoints of its victims. Rather, it just steals the data, and then demands payment in exchange for not leaking it to the public. BianLian following the trends

    This is a change that the cybersecurity community has been warning about for quite some time now, and BianLian is hardly the only group that is no longer deploying the encryptor.

    As it turns out, developing, maintaining, and deploying the encryption software is too tedious, too cumbersome, and too expensive. In terms of money extortion, simple data exfiltration yields the same results, anc crooks are taking notice.

    The agencies also say BianLian is a Russian actor, based in the country, and with Russian affiliates. If the name threw you off, and made you think the group is likely Chinese (or elsewhere in the far East, for that) - that is intentional.

    The reporting agencies are aware of multiple ransomware groups, like
    BianLian, that seek to misattribute location and nationality by choosing foreign-language names, almost certainly to complicate attribution efforts, the report claims.

    In the past, the group was observed targeting organizations in the US
    critical infrastructure sector, and private enterprises in Australia. You might also like Linux systems are being hit by a wide-ranging and dangerous new malware Here's a list of the best firewalls today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/one-of-the-nastiest-ransomware-groups-a round-may-have-a-whole-new-way-of-doing-things


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)