We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

BianLian Targets Healthcare and Manufacturing in US, EU

BianLian Targets Healthcare and Manufacturing in US, EU
Author Image Husain Parvez
Husain Parvez Published on 26th January 2024 Cybersecurity Researcher

The BianLian ransomware group, notorious for its evolving strategies, has now intensified its focus on the healthcare and manufacturing sectors in the United States and Europe. This move signals a significant threat to data security and operational stability in these critical industries.

According to a detailed report by Unit 42 researchers from Palo Alto Networks, BianLian, initially known for traditional ransomware attacks where files are encrypted and a ransom is demanded, have now begun foregoing the encryption stage and immediately stealing data. This is seemingly in an effort to better motivate their victims to pay the ransom via a more immediate threat of data exposure.

The group's proficiency in using a custom.NET tool for data extraction, which is also utilized by the Makop ransomware group, suggests a possible collaboration or shared resources between the two entities. This tool is specifically designed to retrieve sensitive information from compromised systems, including files, registry data, and clipboard contents. Notably, the presence of Russian language elements in the tool hints at the group's origins.

BianLian's operations are marked by sophistication and stealth, as it employs a variety of methods to gain initial access to target networks. These include exploiting known vulnerabilities like ProxyShell, using stolen Remote Desktop Protocol credentials, and targeting virtual private network providers. Once inside the network, BianLian uses various public tools for lateral movement and maintaining persistence.

The recent focus of BianLian on the healthcare and manufacturing sectors is particularly alarming. In a notable incident in January 2023, as reported by SiliconANGLE, the group claimed to have infiltrated a California-based hospital, exfiltrating 1.7 terabytes of data. The breach included sensitive personal information of patients and employees. The potential disruption to hospitals' day-to-day operations and the endangerment of patients' lives make these attacks on healthcare organizations especially concerning.

Back in September, BianLian reportedly targeted Save The Children International, a prominent nonprofit organization. In the breach, an alarming 6.8TB of data was stolen, including sensitive personal and financial data, along with health records. This ruthless attack on an organization dedicated to child welfare underscores the group's merciless nature.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.