Ransomware-as-a-Service group BianLian opts for unique model

November 25, 2024 – Published on SecurityBrief

The BianLian data extortion group operates with a structure that makes it more challenging for law enforcement to track down individual members compared to other Ransomware-as-a-Service (RaaS) groups.

Jason Baker, Principal Threat Intelligence Consultant for the GuidePoint Research and Intelligence Team (GRIT) at GuidePoint Security, highlights the nature of BianLian’s operations, contrasting it with the RaaS model adopted by other prominent ransomware groups.

“Among the most prolific ransomware groups today, most follow a RaaS structure, in which loosely aligned affiliates split a portion of paid ransoms with a core group responsible for maintaining supporting infrastructure and the underlying ransomware encryptor. This has reduced the barrier to entry for prospective cybercriminals as technical expertise is distributed among specialists rather than highly skilled generalists,” Baker explained.

BianLian diverges from the RaaS model, likely operating as a tightly knit group that handles all of its operations internally rather than advertising for new affiliates. This operational model is thought to enhance the group’s flexibility and resilience. According to Baker, “BianLian breaks the norm in this regard, likely operating as an insular group responsible for the full spectrum of their operations rather than operating on a RaaS model or advertising for new affiliates. We assess that this has supported the group’s flexibility and resilience because fewer loose affiliates present fewer opportunities for LE penetration and because the group does not face the same disruptive risks as RaaS groups.”

Baker further noted that even when counteractions were taken, such as Avast’s release of a decryptor for BianLian ransomware in early 2023, the group managed to pivot quickly to exfiltration-only data extortion without significant disruption to its operations.
