SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Ransomware
#
Encryption
#
Avast

Ransomware-as-a-Service group BianLian opts for unique model

Today
Author image
By Sean Mitchell, Publisher

The BianLian data extortion group operates with a structure that makes it more challenging for law enforcement to track down individual members compared to other Ransomware-as-a-Service (RaaS) groups.

Jason Baker, Principal Threat Intelligence Consultant for the GuidePoint Research and Intelligence Team (GRIT) at GuidePoint Security, highlights the nature of BianLian's operations, contrasting it with the RaaS model adopted by other prominent ransomware groups. "Among the most prolific ransomware groups today, most follow a RaaS structure, in which loosely aligned affiliates split a portion of paid ransoms with a core group responsible for maintaining supporting infrastructure and the underlying ransomware encryptor. This has reduced the barrier to entry for prospective cybercriminals as technical expertise is distributed amongst specialists rather than highly skilled generalists," Baker explained.

BianLian diverges from the RaaS model, likely operating as a tightly-knit group taking charge of all their operations internally rather than advertising for new affiliates. This operational model is thought to enhance the group's flexibility and resilience. According to Baker, "Bianlian breaks the norm in this regard, likely operating as an insular group responsible for the full spectrum of their operations rather than operating on a RaaS model or advertising for new affiliates. We assess that this has supported the group's flexibility and resilience because fewer loose affiliates present fewer opportunities for LE penetration and because the group does not face the same disruptive risks as RaaS groups."

Baker further noted that even when counteractions are taken, such as Avast's release of a decryptor for BianLian ransomware in early 2023, the group managed to pivot quickly to focus on exfiltration-only data extortion without significant disruption to their operations. He compared this adaptability to the eventual challenges faced by RaaS groups, stating, "RaaS groups, such as Akira, have performed similar pivots in the face of decryptor publication in the short term, but have ultimately had to devise new encryptor versions to maintain their viability and affiliates over the long term."

The effectiveness of BianLian's approach underscores the evolving tactics in ransomware operations, with an increased emphasis on data extortion. "BianLian's continued efficacy also highlights the effectiveness of data extortion concurrent with or even in lieu of data encryption. While data encryption remains a valuable weapon in double-extortion ransomware attacks, groups such as BianLian have adapted to the increased preparedness of Defenders and the increased availability of backups in the enterprise environment to focus on the more attainable goal of exfiltrating sensitive data and holding it hostage..." Baker remarked.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
ThreatQuotient report highlights rise in cyber automation
Deepfake attacks seen as top cyber threat in Australia
Cybercriminals target Olympic Games & concerts in 2024
ESET unveils enhanced home security to combat identity theft
Akamai enhances cloud security & zero trust solutions
Top stories
HiTRUST focuses on balancing security with user experience
Ransomware attacks rise with construction sector most hit
Cybersecurity report reveals 145,000 exposed ICS systems
Five best practices for consumers to protect their personal data in the new world of AI
CYFOX & Simplicity One partner for SMB cybersecurity