Project Hyphae
Search

BianLian Ransomware Decryptor Made Public

Share This Post

BianLian, a Windows ransomware variant written in Go, the Google-created open source programming language, has been steadily increasing in popularity among threat actors since it was first outed in mid-July of 2022. Industries that can count themselves among the victims of BianLian include healthcare, manufacturing, energy and utilities, education, professional services, media and entertainment, and banking, financial services, and insurance. (BFSI)

Thankfully, Avast has announced that they have developed a BianLian decryptor by reverse engineering the visible strings that exist as a result of the Go language’s nature. It is publicly available for free now, and can be downloaded directly at: https://files.avast.com/files/decryptor/avast_decryptor_bianlian.exe

Currently, the decryptor can only restore files encrypted by a known variant of the BianLian ransomware. If you are a recent victim and are not having success with the current version, you can attempt to find the ransomware binary on your affected systems and forward the sample to decryptors@avast.com to be included in a future update. The typical BianLian ransomware is a “.exe” file around 2 MB in size.

Indicators of Compromise:
The following are SHA-256 file hashes for known BianLian ransomware files.

1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43
3a2f6e614ff030804aa18cb03fcc3bc357f6226786efb4a734cbe2a3a1984b6f
46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b
3be5aab4031263529fe019d4db19c0c6d3eb448e0250e0cb5a7ab2324eb2224d
a201e2d6851386b10e20fbd6464e861dea75a802451954ebe66502c2301ea0ed
ae61d655793f94da0c082ce2a60f024373adf55380f78173956c5174edb43d49
eaf5e26c5e73f3db82cd07ea45e4d244ccb3ec3397ab5263a1a74add7bbcb6e2



Reach out to our incident response team for help

More To Explore

Information Security News 3-25-2024

Developer Sues Minnesota Contractor After $735K Payment Disappears Article Link: https://www.constructiondive.com/news/beck-sues-ryan-fsa-title-cybercrime/710708/ Truck-to-Truck Worm Could Infect and Disrupt Entire US Commercial Fleet Article Link: https://www.theregister.com/2024/03/22/boffins_tucktotruck_worm/ NIST’s

Information Security News 3-18-2024

Threat Actors Leaked 70 Million Records Allegedly Stolen From AT&T Article Link: https://securityaffairs.com/160627/data-breach/70m-att-records-leaked.html Former Telecom Manager Admits to Doing SIM Swaps for $1,000 Article Link:

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.