A ransomware group known as BianLian has decided to give up its encryption tools and instead focus solely on data theft and extortion, experts report.
A new report from cybersecurity researcher Redacted finds BianLian trying to extort businesses without first encrypting their endpoints.
Researchers are now speculating as to what motivated BianLian to change course, and two scenarios have emerged as the most likely.
Decryptor Released
“The group promises not to leak stolen data or disclose the fact that victim organizations have been compromised after they have been paid. We provide these guarantees based on the fact that they depend on reputation.”
“In several instances, BianLian referred to the legal and regulatory issues that victims would face if it became public that their organization had been compromised. They even go so far as to include specific references to subsections of the law and statutes.”
Researchers also found that the laws and statutes referenced by BianLian are often localized and highly relevant to victims. This led them to conclude that the group was trying to improve their bargaining skills in order to extort as much money as possible.
When trying to explain why the group decided to ditch its encryption tools, two possible explanations emerged. First, the group found that infecting endpoints with ransomware and performing the entire operation was too time-consuming, costly, and ultimately redundant. With the right extortion skills, just stealing data is enough for a successful attack.
Second, the group has not adapted well since Avast released its free decryption tool in January of this year. When that happened, the threat actor explained that the decryption tool was less destructive because it only worked with older versions of the ransomware and actually corrupted files encrypted with newer versions.
As of a week ago, according to BleepingComputer, BianLian’s extortion portal has nearly 120 victims. The majority (71%) are based in the United States.
Via: BleepingComputer