BianLian
Medium Confidence | Medium Threat | BianLian Ransomware
BianLian is a ransomware operation that has been active since at least 2022, initially using encryption-based attacks before transitioning to pure data extortion in early 2023. The group targets organizations across healthcare, education, and professional services sectors. BianLian is known for exploiting vulnerabilities in remote access services and using legitimate tools for lateral movement. Their shift away from encryption represents an evolution in ransomware tactics toward data theft-focused extortion.
Target Sectors
Target Regions
Attributed to Cybercriminal (No State Sponsor) (Russia). Attribution confidence: Medium.
Future Outlook
BianLian is expected to continue operations targeting the healthcare sector.
First observed activity of BianLian
Continued active operations