BianLian Skips Encryption On Way To Extortion

Cyber Security Threat Summary:
The U.S. cybersecurity agency has warned that the BianLian ransomware group is shifting from malicious encryption to pure extortion. Instead of double extortion, the group now demands a ransom for keeping stolen data secret. The group's change in tactics is likely influenced by the release of a free decryptor by cybersecurity firm Avast. BianLian gains initial access to networks through compromised Remote Desktop Protocol (RDP) credentials, acquired from brokers or through phishing. The group implants a customized backdoor and installs remote management tools like TeamViewer. It also disables antivirus tools and uses unique cryptocurrency wallets for each victim. To pressure victims, the group prints ransom notes using network printers and makes threatening phone calls.

Security Officer Comments:
Extortion works because it preys on fear, vulnerability, and the desire to avoid potential harm or negative consequences. The victims often feel compelled to comply with the demands out of concern for their safety, reputation, or business continuity. The threat of public exposure, reputational damage, legal consequences, or physical harm can create a sense of urgency and pressure the victims to meet the extortionist's demands. Some victims may perceive paying the extortion as a more convenient or cost-effective solution compared to the potential consequences of non-compliance. They may also lack alternative options or believe that involving law enforcement could be ineffective or expose them to further risk.

Suggested Correction(s):
Paying extortionists does not guarantee that the threats will be completely eliminated or that the extortionists will uphold their end of the bargain. It can perpetuate the cycle of extortion by encouraging criminals to continue their illegal activities.

Source: https://www.bankinfosecurity.com/bianlian-skips-encryption-on-way-to-extortion-a-22101