Home / Malware Reports / BianLian Ransomware Report


BianLian ransomware is a malware strain that has been active since June 2022, targeting various industries such as education, healthcare, manufacturing, and finance. The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Australian Cyber Security Centre (ACSC) have issued joint advisories on BianLian ransomware, highlighting its targeting of critical infrastructure sectors in the United States and Australia.

BianLian ransomware operators applied the traditional double-extortion technique, whereby the ransomware encrypts victims’ data and demands a ransom for its release. However, in January 2023, the BianLian ransomware group pivoted to pure data extortion, excluding the encryption part of the attack. The BianLian ransomware group has been known to use valid Remote Desktop Protocol (RDP) credentials to gain initial access to systems.

The threat actor group has also been observed using reconnaissance malware, custom backdoors, and exploits for vulnerabilities such as CVE-2020-1472.


Successful exploitation by BianLian ransomware will almost certainly result in the encryption and exfilt ration of significant quantities of data held on the compromised system, prior to a ransom of a predetermined value being issued. The ransom amount demanded will almost certainly depend on the estimated value of the compromised organisation. Furthermore, such a compromise of data will also result in the organisation incurring a negative reputational impact. Encrypted data may include private customer data, corporate finance data and system credentials that if released can assist threat actors with future attacks.

Incident Detection

A comprehensive endpoint detection and response (EDR) solution, such as Microsoft Defender, can provide additional protection against ransomware threats like that implemented by BianLian ransomware. EDR solutions can alert system users of potential breaches and stop further progress before the malware can do significant damage.

Targeted Products

Windows OS.

The Quorum Cyber Threat Intelligence team provides ransomware reports so that you can better understand the threats facing your organisation.

Download your report to read more today.