This gang of cybercriminals will stop at nothing to extort money using your private data.


A ransomware group known as BianLian has decided to abandon its encryptor and focus solely on data theft and extortion, experts report.

A new report from cybersecurity researchers Redacted has found that BianLian attempts to extort money from companies without first encrypting their endpoints.

Researchers are now speculating as to what motivated BianLian to change course, with two scenarios appearing the most likely.

Decryptor released

"The group promises that after receiving the payment, it will not disclose the stolen data or disclose the fact that the victim organization has suffered a breach. BianLian offers these guarantees on the basis that its 'business' depends on its reputation," Redacted said in its analysis.

"In several cases, BianLian referenced legal and regulatory issues a victim would face if it became public that the organization had suffered a breach. The group also went as far as to include specific references to paragraphs in various laws and statutes."

The researchers also found that the laws and statutes BianLian refers to are often localized and highly relevant to the victim. This led them to conclude that the group was looking to improve their negotiation skills in order to extort as much money as possible.

In trying to explain why the group decided to abandon encryption, two possible explanations emerged. The first is that the group realized that infecting endpoints with ransomware and performing the entire operation is too time consuming, too expensive, and ultimately redundant. With the right extortion skills, data theft is enough for a successful attack.

The second is that the group has not adapted properly since Avast released a free decryptor in January of this year. When this happened, the threat actor explained that the decryptor was not that disruptive, as it only works on older versions of the ransomware and will actually corrupt files encrypted by newer versions.

A week ago, BleepingComputer reports, BianLian counted nearly 120 victims on its extortion website. The majority (71%) are based in the United States.

Via: BleepingComputer