Project Hyphae

BianLian Ransomware Decryptor Made Public

BianLian, a Windows ransomware variant written in Go (the open source programming language created by Google), has been steadily gaining popularity among threat actors since it was first outed in mid-July of 2022. Industries that can count themselves among the victims of BianLian include healthcare, manufacturing, energy and utilities, education, professional services, media and entertainment, and banking, financial services, and insurance (BFSI).

Thankfully, Avast has announced that they have developed a BianLian decryptor by reverse engineering the visible strings that exist as a result of the Go language’s nature. It is publicly available for free now, and can be downloaded directly at:

Currently, the decryptor can only restore files encrypted by a known variant of the BianLian ransomware. If you are a recent victim and are not having success with the current version, you can attempt to find the ransomware binary on your affected systems and forward the sample to to be included in a future update. The typical BianLian ransomware is a “.exe” file around 2 MB in size.

Indicators of Compromise:
The following are SHA-256 file hashes for known BianLian ransomware files.
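To put the size and extension hint and a SHA-256 list to work when hunting for the sample, here is an added triage example (not Avast's code and not part of the original post). It assumes a 1 to 4 MB window for "around 2 MB", uses the Go linker's build-info marker as a heuristic for Go binaries, and leaves `KNOWN_SHA256` as a placeholder to fill from the advisory; the function names are hypothetical.

```python
import hashlib
import os
import sys

GO_BUILDINFO_MAGIC = b"\xff Go buildinf:"  # marker the Go linker embeds (heuristic)
SIZE_MIN, SIZE_MAX = 1 << 20, 4 << 20      # assumed window around "about 2 MB"
KNOWN_SHA256 = set()                       # placeholder: hashes from the advisory


def inspect_file(path, known):
    """Hash one file in chunks and look for the Go build-info marker."""
    digest, has_go, tail = hashlib.sha256(), False, b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
            # Carry a short overlap so a marker split across two reads is found.
            has_go = has_go or GO_BUILDINFO_MAGIC in tail + chunk
            tail = chunk[-(len(GO_BUILDINFO_MAGIC) - 1):]
    sha = digest.hexdigest()
    return {"path": path, "sha256": sha, "go_binary": has_go,
            "known_ioc": sha in known}


def find_candidates(root, known=KNOWN_SHA256):
    """Return .exe files in the size window, known-hash matches first."""
    known = {h.strip().lower() for h in known}  # hash lists vary in case
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                if SIZE_MIN <= os.path.getsize(path) <= SIZE_MAX:
                    hits.append(inspect_file(path, known))
            except OSError:
                continue  # locked or unreadable: skip it, keep sweeping
    # Known hashes sort first, then unknown Go binaries, then everything else.
    return sorted(hits, key=lambda h: (not h["known_ioc"], not h["go_binary"]))


if __name__ == "__main__":
    for hit in find_candidates(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it read-only against a mounted image or a copy of the affected volume. An unknown-hash file flagged as a Go binary is a lead for further analysis, not a verdict.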

