The Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint Cybersecurity Advisory from government agencies in the United States and Australia, alerting organizations about the latest tactics, methods, and procedures (TTPs) utilized by the BianLian ransomware group.
BianLian is a ransomware and data extortion gang that has been attacking vital infrastructure in the United States and Australia since June 2022.
The advice, which is part of the #StopRansomware effort, is based on FBI and Australian Cyber Security Centre (ACSC) investigations as of March 2023. Its goal is to provide information to defenders that will help them to alter defenses and boost their security posture against BianLian ransomware and other similar threats.
BianLian used a double-extortion technique at first, encrypting systems after collecting private data from victim networks and then threatening to leak the contents. However, after Avast produced a decryptor for the ransomware in January 2023, the organization shifted to extortion based on data theft rather than encrypting systems.
This strategy remains appealing since the occurrences are essentially data breaches that result in reputation damage for the victim, impair customer trust, and present legal issues. According to CISA, BianLian compromises systems by exploiting genuine Remote Desktop Protocol (RDP) credentials obtained through first-access brokers or through phishing.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: