BianLian ransomware gang prepares for more cyberattacks
A new ransomware gang is starting to ramp up its operations – and its exploits focus on a programming language that makes it harder for researchers to hack.
The big picture: Ransomware hackers have had to get creative to avoid detection as businesses become increasingly aware of the threat and cost of these file-encrypting cyberattacks.
What is happening: Researchers from cybersecurity firm Redacted said in a report on Thursday that the BianLian ransomware gang tripled its known operational infrastructure in August, indicating that more attacks by the gang may soon occur.
- Operational infrastructure includes the servers a ransomware gang uses to deploy malicious code and the IP address they have for phishing emails.
- BianLian writes its ransomware code using Go, an open-source language that emerged from inside Google and is adaptable to most machines.
Details: BianLian has been targeting US, Australian and UK organizations in the healthcare, education, insurance and media sectors since at least December.
- The gang focuses on so-called “double extortion” attacks, where hackers demand payment both to unlock files they have encrypted and to stop data leaks of stolen information.
- So far, BianLian has published information on around 20 victims on its data leak sites, suggesting that these organizations have refused to pay a ransom.
Threat level: The ransomware gang targets a popular security flaw in Microsoft Exchange servers known as ProxyShell, which allowed hackers to target more than 2,000 servers in just two days in August 2021.
Between the lines: BianLian is just the latest ransomware group to turn to the Go language, which may be less familiar to threat intelligence researchers and may also be more difficult to reverse engineer.