Threat Assessment: BianLian ransomware group

Unit 42 researchers have been tracking the BianLian ransomware group, which has ranked among the 10 most active groups based on leak site data they’ve gathered.

From that leak site data, Unit 42 primarily observed activity affecting the healthcare and manufacturing sectors, mainly impacting organizations in the United States (US) and Europe (EU). The researchers also observed that the BianLian group shares a small, customized tool with the Makop ransomware group. This shared tool indicates a possible connection between the two groups, which the researchers will explore further. BianLian has also recently moved from a double extortion scheme to extortion without encryption.

Source: Palo Alto Unit 42