Updated on 2022-12-13
SecurityScorecard’s Vlad Pasca has a technical analysis of the BianLian ransomware. One of Pasca’s main discoveries is that there might be a way to recover encrypted files if DFIR teams can recover the original BianLian encrypter.
“The same key is used to encrypt all files, which is unusual for most ransomware families. The AES key is not encrypted by a public key, which makes the decryption possible if the ransomware encryptor is recovered after its deletion.”
Updated on 2022-10-17
BianLian ransomware: On the same note, BlackBerry’s security team also has a write-up on the BianLian ransomware and its “fast” encryption routine. Read more: BianLian Ransomware Encrypts Files in the Blink of an Eye
Overview: BianLian ransomware group
Threat intelligence company BetterCyber has discovered a new ransomware group named BianLian, which also operates a leak site on the dark web, where it publishes data from victims who refuse to pay.
A new #ransomware group named #BianLian claims to have hacked #Mooresville Schools (@MrsvlPioneers), a public school district in Indiana, 🇺🇸. The group claims to have stolen ~4,200 student records containing phone numbers, email addresses, and social security numbers… pic.twitter.com/QWECxn62L9
— BetterCyber (@_bettercyber_) July 11, 2022