bianlian
Group profile
BianLian ransomware operations began in late 2021. The group practices multi-pronged extortion, demanding payment both for a decryptor and for the non-release of stolen data. It hosts a public, Tor-based blog where it posts victim identities and stolen data. Somewhat unusual at the time of the group's launch was its inclusion of an I2P mirror for the blog.
MITRE ATT&CK TTPs
Execution
Defense Evasion
T1027.002 Software Packing
Adversaries may perform software packing or virtual machine software protection to conceal their code.
T1036 Masquerading
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.
T1497 Virtualization/Sandbox Evasion
Adversaries may employ various means to detect and avoid virtualization and analysis environments.
Discovery
T1082 System Information Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
T1083 File and Directory Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1120 Peripheral Device Discovery
Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.
T1518.001 Security Software Discovery
Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment.
Lateral Movement
T1091 Replication Through Removable Media
Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes.
Impact
T1486 Data Encrypted for Impact
Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.
Recent victims
Showing 50 of 552

| Date | Website / victim | Sector | Country |
|---|---|---|---|
| 2025-03-31 | CMC Technology Group (cmctechgroup.com) | Technology | VN |
| 2025-03-31 | Meridian Senior (meridiansenior.com) | Healthcare | US |
| 2025-03-31 | Saunders and Saunders (sanders-sanders.co.uk) | Business Services | GB |
| 2025-03-31 | Sonrisas Dental Health (sonrisasdental.org) | Healthcare | US |
| 2025-03-22 | Goshen Medical Center (goshenmedical.org) | Healthcare | US |
| 2025-03-07 | Allworx (allworx.com) | Telecommunication | US |
| 2025-02-25 | Island Realty (islandreality.com) | Business Services | US |
| 2025-03-07 | Minnesota Orthodontics (minnesotaorthodontics.com) | Healthcare | US |
| 2025-03-04 | Keystone Pacific Property Management LLC (keystonepacificpm.com) | Business Services | US |
| 2025-03-04 | Mosley Glick O’Brien, Inc. (mgoinc.com) | Financial Services | US |
| 2025-03-04 | Legal Aid Society of Salt Lake (legalaidsocietyofsaltlake.org) | Public Sector | US |
| 2025-03-04 | Ewald Consulting (ewald-consulting.com) | Business Services | US |
| 2025-02-19 | Alabama Ophthalmology Associates (aoapc.com) | Healthcare | US |
| 2025-02-13 | Aspire Rural Health System (aspirerhs.org) | Healthcare | US |
| 2025-01-13 | Nash Brothers Construction | Construction | US |
| 2025-02-13 | Nippon Steel USA (nipponsteel.com) | Manufacturing | US |
| 2025-02-13 | Financial Services of America, Inc. (fsa1.com) | Financial Services | US |
| 2025-02-13 | Layfield & Borel CPA's L.L.C (layfieldandborelcpas.com) | Financial Services | US |
| 2025-02-13 | Dain, Torpy, Le Ray, Wiest & Garner, P.C. (daintorpy.com) | Business Services | US |
| 2025-01-07 | D-7 Roofing (d7roofing.com) | Construction | US |
| 2025-02-10 | Recievership Specialists (recievershipspecialists.com) | Business Services | US |
| 2025-02-05 | Dash Business | Business Services | |
| 2025-02-05 | Hall Chadwick (hallchadwick.com.au) | Financial Services | AU |
| 2025-02-05 | NESCTC Security Services (nesctc.com) | Business Services | US |
| 2025-02-04 | C & R Molds Inc (crmolds.com) | Manufacturing | US |
| 2025-02-04 | Commercial Solutions (commercialsolutions.com) | Business Services | US |
| 2025-02-02 | Cyrious Software (cyrious.com) | Technology | US |
| 2025-02-02 | Medical Associates of Brevard (mabmd.com) | Healthcare | US |
| 2025-02-02 | Civic Committee (civiccommittee.org) | Public Sector | US |
| 2025-02-02 | Ayres Law Firm (ayres-law-firm.com) | Business Services | US |
| 2025-02-02 | Growth Acceleration Partners (growthaccelerationpartners.com) | Technology | US |
| 2025-01-18 | MassDevelopment (massdevelopment.com) | Public Sector | US |
| 2024-12-26 | Caframo Limited. (caframo.com) | Manufacturing | CA |
| 2024-12-18 | Cottrell Fletcher & Cottrell P.C. (cottrellaw.com) | Business Services | US |
| 2024-12-18 | Giordano, DelCollo, Werb & Gagne, LLC. (gdwlawfirm.com) | Business Services | US |
| 2024-12-14 | American Computer Estimating Inc (ace-it.com) | Technology | US |
| 2024-12-14 | MedRevenu Inc (medrevenu.com) | Healthcare | US |
| 2024-12-14 | Mid Florida Primary Care (mymfpc.com) | Healthcare | US |
| 2024-12-10 | Global Insurance Agency LLC (iglobalinsure.com) | Financial Services | US |
| 2024-12-10 | Physicians' Primary Care of Southwest Florida (ppcswfl.com) | Healthcare | US |
| 2024-12-06 | LTI Trucking Services (ltitrucking.com) | Transportation/Logistics | US |
| 2024-12-05 | Star Shuttle Inc. (starshuttle.com) | Transportation/Logistics | US |
| 2024-12-01 | Alpine Ear Nose & Throat (alpineent.com) | Healthcare | US |
| 2024-11-26 | TWRU CPAs & Financial Advisors (twru.com) | Financial Services | US |
| 2024-11-22 | Trinity Petroleum Management, LLC (trinitymgt.com) | Energy | US |
| 2024-11-21 | Kellerhals Ferguson Kroblin PLLC (kellfer.com) | Business Services | US |
| 2024-11-21 | Silverback Exploration (silverbackexp.com) | Energy | US |
| 2024-11-20 | Amherstburg Family Health | Healthcare | CA |
| 2024-11-10 | Immuno Laboratories, Inc (immunolabs.com) | Healthcare | US |
| 2024-11-09 | ATSG, Inc (atsg.net) | Transportation/Logistics | US |

