Ransomware, Threat Intelligence

Joint US, Australian advisory sheds more light on BianLian ransomware

November 21, 2024

Share

Highly active BianLian ransomware operation, which has claimed attacks against Boston Children's Health Physicians, Save The Children, and Canada's Amherstburg Family Health Team, has been suspected by U.S. and Australian law enforcement to have originated from Russia, as well as obtained several affiliates across the country, reports The Record, a news site by cybersecurity firm Recorded Future.

Attacks by the BianLian, which have been completely exfiltration-based extortion since the beginning of the year, have involved the exploitation of Windows and VMware ESXi security vulnerabilities for initial access, with the ransomware gang leveraging various other tools to facilitate lateral movement and data compromise, according to a joint advisory from the FBI, Cybersecurity and Infrastructure Security Agency, and the Australian Cyber Security Centre. "Newer ransomware notes state BianLian group has exfiltrated data and threaten to leak the exfiltrated data if the ransom is not paid," said the FBI, which noted that the gang has also been contacting employees to pressure their organizations into paying the demanded ransom.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

SC Staff

Related

Ransomware attacks primarily caused by poor cyber hygiene

SC StaffNovember 21, 2024

Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor authentication that could have deterred brute-force attacks.

Ransomware attack alert on monitor screen in data center, network security concept

Phobos ransomware operation uncovered by indictment against suspected admin

SC StaffNovember 21, 2024

Included in the Phobos-hit organizations that paid a ransom were a California public school system, a North Carolina children's hospital, a Maryland-based accounting and consulting service provider, and health organizations in Pennsylvania and Maryland, revealed an unsealed indictment against suspected Phobos administrator Evgenii Ptitsyn.

Law and Justice concept. Mallet of the judge, books, scales of justice. Gray stone background, reflections on the floor, place for typography. Courtroom theme.

US charges suspected Scattered Spider hackers, disrupts PopeyeTools

SC StaffNovember 21, 2024

Alleged Scattered Spider hackers Ahmed Hossam Eldin Elbadawy, Noah Michael Urban, Evans Onyeaka Osiebo, Joel Martin Evans, and Tyler Robert Buchanan have been indicted for their involvement in a prolonged cryptocurrency theft operation that involved SMS phishing, corporate system compromise, and further phishing intrusions.

Related Events

Related Terms

Account Harvesting Backdoor Deauthentication Attack Distributed Scans Domain Hijacking Drive-by Download Google Hacking Hybrid Attack Password Cracking Reconnaissance

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news