Advisory warns of activities of BianLian ransomware group

A. joint consultation The report, released on November 20 by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and international partners, warns of the cybercriminal activities of the BianLian ransomware group. The actions of BianLian actors have affected many industries across the United States since 2022, the agencies said. They work by gaining access to victims’ systems via valid remote desktop protocol credentials and use open source tools and command line scripts to find and steal credentials. Actors then extort money from victims by threatening to release the stolen data.

“The BianLian group has been listed as one of the most active groups over the last few years and is known to attack the healthcare industry,” said Scott Gee, AHA deputy national counsel for cybersecurity and risk. “The group frequently uses RDP for access, which is a reminder to ensure that hospitals tightly limit the use of RDP and similar services to help mitigate this threat and many other threats that use RDP as part of their initial access to infiltrate networks It encrypts networks and does not appear to disrupt hospital operations, making it an excellent resource to assist if a person thinks they may have had their personal information stolen and become a victim of identity theft. identitytheft.gov”

For more information on this or other cyber and risk issues, contact Gee at [email protected]. For the latest threat information and other cyber and risk resources, visit: www.aha.org/cybersecurity.