Sep 2, 2022 - Technology

Newest ransomware gang on the block

Illustration: Aïda Amer/Axios

A new ransomware gang is starting to ramp up its operations — and its malware is written in a programming language that makes it harder for researchers to crack.

The big picture: Ransomware hackers have had to get creative to avoid detection as companies have become increasingly aware of the threat and cost these file-encrypting cyberattacks pose.

What’s happening: Researchers at cybersecurity firm Redacted said in a report Thursday that the BianLian ransomware gang tripled its known operational infrastructure in August, indicating that more attacks from the gang could be coming soon.

  • Operational infrastructure includes the servers a ransomware gang uses to deploy malicious code and the IP addresses it uses to send phishing emails.
  • BianLian writes its ransomware code in Go, an open-source language that emerged from inside Google and compiles to run on most operating systems.

Details: BianLian has been targeting American, Australian and British organizations across the health care, education, insurance and media industries since at least December.

  • The gang focuses on so-called “double extortion” attacks, where hackers demand a payment both to unlock the files they encrypted and to stop data leaks of stolen information.
  • So far, BianLian has posted information on about 20 victims on its data leak sites — suggesting those organizations declined to pay a ransom.

Threat level: The ransomware gang is targeting a popular security flaw in Microsoft Exchange servers known as ProxyShell, which allowed hackers to target more than 2,000 servers in just two days in August 2021.

Between the lines: BianLian is just the latest ransomware group to turn to the Go language, which may be less widely known among threat intelligence researchers and which also can be harder to reverse-engineer.
