BianLian, a Windows ransomware variant written in Go, the Google-created open source programming language, has been steadily increasing in popularity among threat actors since it was first outed in mid-July of 2022. Industries that can count themselves among the victims of BianLian include healthcare, manufacturing, energy and utilities, education, professional services, media and entertainment, and banking, financial services, and insurance (BFSI).
Thankfully, Avast has announced that it has developed a BianLian decryptor by reverse engineering the visible strings that exist as a result of the Go language’s nature. It is now publicly available for free and can be downloaded directly at: https://files.avast.com/files/decryptor/avast_decryptor_bianlian.exe
Currently, the decryptor can only restore files encrypted by a known variant of the BianLian ransomware. If you are a recent victim and are not having success with the current version, you can attempt to find the ransomware binary on your affected systems and forward the sample to firstname.lastname@example.org to be included in a future update. The typical BianLian ransomware is a “.exe” file around 2 MB in size.
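One way to shortlist candidate binaries for that search, as an added example (not Avast's tooling and not part of the original article): it walks a directory for `.exe` files near the stated 2 MB size, confirms a PE header, flags Go toolchain strings, and compares each SHA-256 against hashes you supply. The 1 to 4 MB window and the function names `triage_file` and `sweep` are assumptions made here.

```python
import hashlib
import os

MZ_MAGIC = b"MZ"  # DOS/PE header magic
# Strings the Go toolchain embeds; stripped or packed samples may lack them.
GO_MARKERS = (b"\xff Go buildinf:", b"Go build ID:")
SIZE_RANGE = (1 * 1024 * 1024, 4 * 1024 * 1024)  # assumed window around "about 2 MB"


def triage_file(path, known_hashes):
    """Return a finding dict for a candidate binary, or None if it does not fit."""
    try:
        size = os.path.getsize(path)
        if not SIZE_RANGE[0] <= size <= SIZE_RANGE[1]:
            return None
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return None  # locked or unreadable file: skip, do not abort the sweep
    if not data.startswith(MZ_MAGIC):
        return None
    digest = hashlib.sha256(data).hexdigest()
    return {
        "path": path,
        "size": size,
        "sha256": digest,
        "go_binary": any(marker in data for marker in GO_MARKERS),
        "known_ioc": digest in known_hashes,
    }


def sweep(root, known_hashes=()):
    """Walk root; return findings with known-hash matches first, then Go binaries."""
    known = {h.strip().lower() for h in known_hashes}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".exe"):
                hit = triage_file(os.path.join(dirpath, name), known)
                if hit:
                    findings.append(hit)
    return sorted(findings, key=lambda f: (not f["known_ioc"], not f["go_binary"], f["path"]))


if __name__ == "__main__":
    import sys
    for f in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        tag = "IOC" if f["known_ioc"] else ("go" if f["go_binary"] else "-")
        print(f"{tag:4} {f['sha256']} {f['size']:>8} {f['path']}")
```

Run it against a mounted or offline copy of the affected volume where possible; a Go marker alone only narrows the list, since many legitimate tools are also written in Go.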
Indicators of Compromise:
The following are SHA-256 file hashes for known BianLian ransomware files.