A Deep Dive into BianLian Ransomware
BianLian ransomware is a Golang malware that performed targeted attacks across multiple industries in 2022. The ransomware employed anti-analysis techniques consisting of API calls that would likely crash some sandboxes/automated analysis systems. The malware targets all drives identified on the machine and deletes itself after the encryption is complete.
The files are encrypted using the AES-256 algorithm (Golang package AES) and, unlike other ransomware families, the AES key is neither encrypted with a public key nor stored in the encrypted files. We believe that decryption is possible by recovering the ransomware encryptor using forensics tools. The extension of the encrypted files is changed to “.bianlian”.