BianLian, a Windows ransomware variant written in Go, the Google-created open-source programming language, has been steadily increasing in popularity among threat actors since it was first outed in mid-July of 2022. Industries that can count themselves among the victims of BianLian include healthcare, manufacturing, energy and utilities, education, professional services, media and entertainment, and banking, financial services, and insurance (BFSI).
Thankfully, Avast has announced that they have developed a BianLian decryptor by reverse engineering the visible strings that Go binaries contain as a result of the language's nature. It is now publicly available for free and can be downloaded directly at: https://files.avast.com/files/decryptor/avast_decryptor_bianlian.exe
Currently, the decryptor can only restore files encrypted by a known variant of the BianLian ransomware. If you are a recent victim and are not having success with the current version, you can attempt to find the ransomware binary on your affected systems and forward the sample to decryptors@avast.com to be included in a future update. The typical BianLian ransomware is a “.exe” file around 2 MB in size.
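To help locate a sample for submission, the following Python script is an added example (not Avast's tooling and not part of the original article). It walks a directory tree, keeps `.exe` files of roughly 2 MB, and flags which ones match a caller-supplied list of known SHA-256 indicators. The 1.5 to 2.5 MiB window, the one-hash-per-line indicator file, and all function names are assumptions made for this example.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: "around 2 MB" is read as 1.5-2.5 MiB; widen the window if nothing turns up.
SIZE_MIN = int(1.5 * 1024 * 1024)
SIZE_MAX = int(2.5 * 1024 * 1024)

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files are never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_iocs(lines):
    """Turn text lines into a set of lowercase SHA-256 hex digests, ignoring anything else."""
    iocs = set()
    for line in lines:
        token = line.strip().lower()
        if len(token) == 64 and all(c in "0123456789abcdef" for c in token):
            iocs.add(token)
    return iocs

def find_candidates(root, known_hashes, size_min=SIZE_MIN, size_max=SIZE_MAX):
    """Return (path, sha256, is_known) for .exe files in the size window, known hits first."""
    results = []
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or path.suffix.lower() != ".exe":
                continue
            if not size_min <= path.stat().st_size <= size_max:
                continue
            digest = sha256_file(path)
        except OSError:
            continue  # locked or unreadable file: skip it and keep scanning
        results.append((str(path), digest, digest in known_hashes))
    results.sort(key=lambda r: (not r[2], r[0]))
    return results

if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("usage: find_sample.py <directory> <sha256-list.txt>")
    else:
        with open(sys.argv[2]) as fh:
            known = load_iocs(fh)
        for path, digest, hit in find_candidates(sys.argv[1], known):
            print(("KNOWN   " if hit else "UNKNOWN ") + digest + "  " + path)
```

Files reported as `UNKNOWN` are the ones worth reviewing as possible new variants. Run the scan against a forensic copy or a read-only mount where possible, and do not execute any candidate.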
Indicators of Compromise:
The following are SHA-256 file hashes for known BianLian ransomware files.
