FBI confirms BianLian ransomware switch to extortion only attacks
The FBI has confirmed that the BianLian ransomware group has switched to extortion-only attacks. BianLian has been targeting entities in US and Australian critical infrastructure since June 2022. The group initially employed a double-extortion model, encrypting systems after stealing private data and threatening to publish the files. However, since January 2023, when Avast released a decryptor for the ransomware, the group has switched to extortion based on data theft, without encrypting systems.

The Cybersecurity and Infrastructure Security Agency (CISA) warns that BianLian breaches systems using valid Remote Desktop Protocol (RDP) credentials, then uses a custom backdoor written in Go, commercial remote access tools, and the command line and scripts for network reconnaissance. To mitigate the threat, CISA recommends limiting the use of RDP and other remote desktop services, disabling command-line and scripting activities, and restricting the use of PowerShell on critical systems.

Malware: BianLian

[View Article](https://www.bleepingcomputer.com/news/security/fbi-confirms-bianlian-ransomware-switch-to-extortion-only-attacks/)