Simulating BianLian Ransomware to Test Defences

On May 16th 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) issued a joint advisory (Advisory AA23-136A) on the emergence of a new Ransomware group, calling themselves BianLian (after the infamous Chinese theatrical costume dances). BianLian Ransomware has been active in a variety of industry sectors in the United States and Australia, at the time of writing. We are delighted to say that Validato customers can now safely simulate BianLian Ransomware MITRE ATT&CK Techniques to test and validate security control effectiveness and detection capabilities. Read more about Simulating BianLian Ransomware to test defences below:

About BianLian Ransomware Group

BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development. The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega. BianLian group actors then extort money by threatening to release data if payment is not made. BianLian group originally employed a double-extortion model in which they encrypted victims’ systems after exfiltrating the data; however, around January 2023, they shifted to primarily exfiltration-based extortion.

Here is a sample ransom note left behind by BianLian on a victim’s computer:

Simulating BianLian Ransomware to Test Defences

BianLian ransom note

BianLian MITRE ATT&CK Techniques

The following table outlines the key behaviours and techniques of the BianLian Ransomware group, mapped to MITRE ATT&CK techniques. These Techniques are available in the Validato platform to safely simulate and test cyber defences.

BianLian MITRE ATT&CK Techniques mapped to Validato

Testing your defences against BianLian in Validato

Validato customers can test their security controls and detection capabilities against BianLian behaviours and techniques instantly.

Validato – simulation scenario for BianLian Ransomware Techniques

Here is a summary of the test results in Validato, reporting on overall Protection status and Detection status.

Validato – BianLian threat simulation test results

In addition to regularly validating your defences with tools like Validato, here are CISA’s top level remediation actions to take:

Strictly limit the use of RDP and other remote services
Disable command-line and scripting activities and permissions
Restrict usage of PowerShell and update Windows PowerShell or PowerShell Core to the latest version

Request a trial of Validato

Why not request a trial of the Validato attack simulation platform. It is free for three weeks. Request access here.

#stopransomware

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Simulating BianLian Ransomware to Test Defences

About BianLian Ransomware Group

BianLian MITRE ATT&CK Techniques

Testing your defences against BianLian in Validato

Request a trial of Validato

About the Author: Ronan Lavelle

Leave A Comment Cancel reply

VALIDATO

CONTACT US

RECENT BLOG ARTICLES

> How can businesses start using MITRE ATT&CK for ongoing security assessments?

> What tools are best for continuous security validation using MITRE ATT&CK?

> How does continuous security validation help with compliance?

> Can MITRE ATT&CK be automated for continuous security validation?

> What are the most common security gaps identified through continuous validation?

SIGN UP TODAY!

SIGN UP TODAY!

Simulating BianLian Ransomware to Test Defences

About BianLian Ransomware Group

BianLian MITRE ATT&CK Techniques

Testing your defences against BianLian in Validato

Request a trial of Validato

Share This Story, Choose Your Platform!

About the Author: Ronan Lavelle

Leave A Comment Cancel reply

VALIDATO

CONTACT US

RECENT BLOG ARTICLES

> How can businesses start using MITRE ATT&CK for ongoing security assessments?

> What tools are best for continuous security validation using MITRE ATT&CK?

> How does continuous security validation help with compliance?

> Can MITRE ATT&CK be automated for continuous security validation?

> What are the most common security gaps identified through continuous validation?

SIGN UP TODAY!

SIGN UP TODAY!