BianLian is a cybercriminal ransomware group based in Russia (almost certain) which target organizations in US (critical infrastructures sectors - CNI), Australia (private enterprises) and UK since June 2022.
[1][2][3][4] By 2023, the group had exfiltrated the files and encrypted the victim's systems - double-extortion method.
[5][3] They use valid Remote Desktop Protocol credentials to gain access to the systems.
[6][3] In 20 November 2024, FBI, United States’ Cyber Security and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint security advisory about BianLian ransomware group.
This malware-related article is a stub.