Intel Name: #StopRansomware: BianLian Data Extortion Group
Date of Scan: November 21, 2024
Impact: High
Summary: Since June 2022, BianLian group actors have targeted multiple U.S. and Australian critical infrastructure sectors, along with professional services and property development. They gain access via valid RDP credentials, use open-source tools for discovery and credential harvesting, and exfiltrate data through FTP, Rclone, or Mega. The group extorts victims by threatening to release stolen data unless paid. Initially using a double-extortion model, they transitioned to exfiltration-based extortion by January 2023 and fully adopted this approach by January 2024.