BianLian Ransomware Launches MOOver Cyberattack

The notorious BianLian ransomware group has targeted MOOver, claiming to have gained access to a staggering 1.1 terabytes of the organization’s data. The motives behind this MOOver cyberattack remain shrouded in mystery as the hackers have not disclosed any details.

Silence on MOOver Cyberattack Raises Doubts

The Cyber Express sought clarification from MOOver officials, but a response is still pending. Curiously, the official website remains fully accessible, casting doubts on the authenticity of the ransomware group’s MOOver cyberattack claims. Whether it’s a mere attention-grabbing tactic or the hackers have a deeper motive will only become clear once an official statement is released.

History Repeats: Previous Targets and Operational Websites

BianLian ransomware has been a menace since Q4, earning a reputation as one of the fastest in the market. According to a report by BlackBerry, the ransomware exhibits exceptional encryption speed and is coded in the Go programming language (Golang).

This isn’t the first time BianLian has struck. In October 2023, the ransomware group added four victims to their dark web portal, including Griffing & Company, P.C. Dow Golub Remels & Gilbreath, International Biomedical, and Jebsen Group. Despite the claims, the websites of these alleged victims are operational, showing no immediate signs of a cyberattack.

The Australian Real Estate Group (AREG) also fell prey to BianLian in December 2022, with the cybercriminals demanding a US$5 million ransom. The group shared compressed folders containing sensitive company data. The Cybersecurity and Infrastructure Security Agency (CISA) warns of BianLian’s grim track record, targeting critical infrastructure sectors in the U.S. since June 2022.

Infiltration Techniques and Data Exfiltration

BianLian doesn’t limit its scope to the U.S.; they have also set its sights on Australian critical infrastructure sectors, professional services, and property development. Their entry into victim systems is facilitated through valid Remote Desktop Protocol (RDP) credentials.

Utilizing open-source tools and command-line scripting, the group engages in discovery, and credential harvesting, and ultimately exfiltrates victim data through File Transfer Protocol (FTP), Rclone, or Mega.

As organizations brace for the increasing threat posed by BianLian, cybersecurity experts emphasize the need for robust preventive measures to safeguard sensitive data from falling into the hands of these cybercriminals.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.