BianLian
BianLian is a Go-based ransomware family that continues to breach organizations across several industries and demand large ransom payments. The threat actors also use double extortion: they steal an affected organization’s files and leak them online if the ransom is not paid on time. BianLian gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega. BianLian originally employed a double-extortion model in which the actors encrypted victims’ systems after exfiltrating the data; around January 2023, however, they shifted to primarily exfiltration-based extortion. The BianLian ransomware uses goroutines and encrypts files in chunks so that it can encrypt an infected system quickly. The ransomware appends its own extension to each encrypted file.
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Mar 23, 2026 | 1 |
Further Reading
More interesting and practical queries for identifying malware infrastructure.
[redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. Learn how their cyber defense team responded.
March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.