ACSC: BianLian Ransomware Group alert

May 19, 2023

The Australian Cyber Security Centre (ACSC), the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) urges organisations to take immediate steps to safeguard computer systems and devices from BianLian ransomware.

BianLian is a ransomware and data extortion group active globally since June 2022, successfully breaching multiple high-profile organisations. Victims include Australian critical infrastructure, professional services and property development providers.

The advisory to mitigate BianLian and other ransomware cyber risks include:

  • strictly limiting use of Remote Desktop Protocol (RDP) and other remote desktop services
  • disabling command-line and scripting activities and permissions
  • restricting usage of PowerShell and update Windows PowerShell or PowerShell Core to the latest version.