As ransomware tactics evolve, so do the strategies needed to counter them. BianLian, a sophisticated ransomware variant, emerged in June 2022, presenting new challenges to data security, particularly in the U.S. and Australia. This ransomware group initially gained infamy with a double-extortion model, where they would encrypt systems and exfiltrate sensitive data, demanding a ransom not just for data access but also to prevent public exposure. 

However, in January 2023, Avast publicly released a decryptor that removed this group’s encryption threat. Why is it still doing so much damage?

The group shifted to an intensified extortion-only modus operandi with no system encryption, known as encryption-less ransomware or encryption-less extortion, which relies solely on data theft to extort victims. For organizations combating these advanced ransomware models, ITsMine’s proactive solutions offer a powerful defense.

The Shift to Data-Only Extortion

BianLian’s initial method combined data encryption with data theft, leveraging the stolen information to threaten exposure. This “double-extortion” approach compounded the risks for targeted organizations, forcing them to choose between significant data loss or potential exposure of sensitive information. However, when Avast released a decryptor that neutralized BianLian’s encryption tactics, the group adapted. Today, BianLian uses data exfiltration exclusively to extort victims, abandoning encryption but intensifying its exploitation of Remote Desktop Protocol (RDP) credentials, ProxyShell vulnerabilities, and compromised VPNs to gain access.

Why Traditional Security Fails to Address Modern Ransomware

Traditional security measures, often focused on preventing encryption, offer limited protection against BianLian’s latest approach. Without the encrypting component, most endpoint detection and response (EDR) tools and antivirus software cannot detect an attack as quickly, since no immediate disruption occurs within the system. Additionally, reliance on network perimeter defenses, like firewalls, proves inadequate against sophisticated attackers using valid credentials to bypass these barriers.

For these reasons, a shift from reactive to proactive data protection is crucial to effectively combat modern ransomware and extortion-only models.
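The gap described above, shown as detection logic. This is an added example, not part of the original article or of any vendor product. It correlates a remote (RDP) logon made with valid credentials with the outbound volume that follows it, since no encryption event will ever fire. The log fields, host names, baseline figures and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the article or any real incident).
LOGONS = [  # (time, host, account, logon_type); Windows type 10 = RemoteInteractive (RDP)
    ("2024-05-01T02:10:00", "fs01", "svc_backup", 10),
    ("2024-05-01T09:00:00", "ws17", "alice", 2),
]
FLOWS = [  # (time, src_host, dst_ip, bytes_out); dst may be an FTP or cloud storage endpoint
    ("2024-05-01T02:25:00", "fs01", "203.0.113.40", 4_200_000_000),
    ("2024-05-01T02:40:00", "fs01", "203.0.113.40", 3_900_000_000),
    ("2024-05-01T09:30:00", "ws17", "198.51.100.7", 35_000_000),
    ("2024-05-01T11:00:00", "fs01", "198.51.100.7", 12_000_000),
]
BASELINE_DAILY_OUT = {"fs01": 150_000_000, "ws17": 80_000_000}  # assumed bytes/day

WINDOW = timedelta(hours=2)  # assumed correlation window after an RDP logon
FACTOR = 10                  # assumed multiple of baseline that raises an alert


def find_exfil_candidates(logons, flows, baseline, window=WINDOW, factor=FACTOR):
    """Flag hosts whose outbound volume to one destination, within `window`
    of a remote logon, exceeds `factor` times their daily baseline."""
    alerts = []
    for ts, host, account, logon_type in logons:
        if logon_type != 10:  # only remote-interactive sessions are correlated
            continue
        start = datetime.fromisoformat(ts)
        per_dest = defaultdict(int)
        for fts, src, dst, nbytes in flows:
            t = datetime.fromisoformat(fts)
            if src == host and start <= t <= start + window:
                per_dest[dst] += nbytes
        # A host with no recorded baseline gets a limit of 0, so any transfer is flagged.
        limit = factor * baseline.get(host, 0)
        for dst, total in sorted(per_dest.items()):
            if total > limit:
                alerts.append({"host": host, "account": account,
                               "dst": dst, "bytes_out": total})
    return alerts


if __name__ == "__main__":
    for alert in find_exfil_candidates(LOGONS, FLOWS, BASELINE_DAILY_OUT):
        print(alert)
```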

How ITsMine Neutralizes Data-Only Ransomware Threats

ITsMine’s Managed Data Protection (MDP) solution is designed to protect data regardless of how or where it’s accessed, making it an ideal defense against encryption-less ransomware like BianLian. ITsMine provides unique tools such as Virtual Vaults, File-GPS™, and File-Timebomb™ that protect sensitive data even if attackers manage to breach the network.

1. Virtual Vaults: Isolating Sensitive Data from External Access

ITsMine’s Virtual Vaults add an additional layer of data security by isolating critical data from potential exposure. Even if attackers successfully bypass network defenses, they find themselves restricted in their ability to access or exploit sensitive files. Virtual Vaults act as controlled environments for data storage, preventing unauthorized access and ensuring that sensitive information cannot be exfiltrated without detection.

2. File-GPS™: Tracking and Securing Data Beyond Boundaries

BianLian often exfiltrates data through secure channels like FTP and cloud storage, making it difficult to trace and recover. ITsMine’s File-GPS™ technology, however, goes beyond traditional tracking capabilities by continuously monitoring files even as they travel outside the network. By embedding tracking into each file, ITsMine ensures real-time location updates and status notifications, alerting organizations immediately if files are moved or accessed in unauthorized ways.

3. File-Timebomb™: Preventing Data from Falling into the Wrong Hands

For organizations facing extortion threats, the ability to remotely render stolen data inaccessible can be game-changing. ITsMine’s File-Timebomb™ allows data owners to set a “self-destruct” timer on sensitive files. This functionality effectively renders stolen data unusable after a specified period, reducing its value as leverage for attackers. For organizations facing potential public exposure or extortion, this feature alone can mitigate many of the risks associated with BianLian’s tactics.

Regulatory Compliance and Reduced Breach Notification Requirements

Beyond just security, ITsMine’s proactive measures also address compliance needs for regulations like GDPR, CCPA, and HIPAA. In the event of a data breach, organizations using ITsMine’s solutions benefit from reduced notification requirements. Since ITsMine ensures that sensitive data remains secure and often unusable even when exfiltrated, organizations can avoid costly fines and reputational damage by demonstrating that critical files were protected and inaccessible to unauthorized parties.

Proactive Data Protection in a Changing Ransomware Landscape

BianLian’s evolution toward encryption-less extortion is a symptom of the larger transformation happening in ransomware tactics. Attackers are learning to evade traditional defenses by circumventing encryption and focusing instead on data exfiltration. ITsMine’s agentless, easily managed solutions are designed to counteract these modern threats, making them ideal for organizations seeking robust data protection that extends beyond the network perimeter.

ITsMine’s proactive data-centric approach offers peace of mind and tangible safeguards against extortion. By focusing on securing the data itself, ITsMine effectively renders BianLian and similar ransomware groups’ tactics obsolete, ensuring organizations can protect their data—no matter the latest ransomware tactics.

To learn more, get in touch with the ITsMine team today.
