The BianLian ransomware gang, which emerged in mid-2021, has shifted its focus to pure data extortion, according to a recent analysis by cybersecurity firm Check Point Research (CPR). The group is known for attacking organizations in the healthcare and pharmaceutical industries, as well as for using a unique attack method that blends fileless and file-based techniques. In its latest campaign, the BianLian gang has adopted a new approach in which it steals data first and then encrypts it, as opposed to encrypting the data first and then demanding a ransom. By taking this approach, the group can bypass ransomware protection measures and put more pressure on victims to pay the ransom.
CPR’s analysis revealed that the gang has already targeted several organizations, including a large US-based medical testing laboratory and a multinational pharmaceutical company, among others. The group’s modus operandi involves exfiltrating data, encrypting it, and then publishing it on its data leak site if the victim refuses to pay the ransom. CPR warns that BianLian’s shift in tactics could inspire other ransomware groups to follow suit, creating more problems for organizations already grappling with the growing ransomware threat. The best way to prevent such attacks is to implement security best practices, such as regularly backing up data and patching vulnerabilities.