BianLian ransomware crew goes 100% extortion after free decryptor lands

The BianLian gang is ditching the encrypting-files-and-demanding-ransom route and instead is going for full-on extortion. Cybersecurity firm Avast's release in January of a free decryptor for BianLian victims apparently convinced the miscreants that there was no future for them on the ransomware side of things and that pure …

  1. TheMaskedMan Silver badge

    So, these chaps have compromised your network, which is illegal, pinched your data, which is illegal, and are now offering to publish it if you don't pay them shedloads of cash, which is illegal. Not the most trustworthy folks, so why would you trust them to not publish your data anyway, once they have been paid? Or to not keep coming back for more?

    Even if they're honest in their business dealings, and don't deliberately publish, there is always the chance that they will lose the data, or it will be stolen from them (can't trust anyone these days!) and subsequently be published anyway.

    Seems to me that, once these folks have your data you might as well assume that it will eventually be published anyway, and spend the cash on improving security instead.

    1. NiceCuppaTea

      Bad business to leak after the fact.

      After all they are in the malware "business" to make money. If you breach someone and they pay the ransom to not leak but you do anyway or come back for more money later then eventually someone like ElReg will report on it and nobody will pay your ransoms any more and you won't make any money.

      1. nintendoeats Silver badge

        To paraphrase Mikko Hyppönen: "Great ransomware gang, 10/10. Would recommend."

  2. John Brown (no body) Silver badge

    Breach notification?

    "references to legal and regulatory issues facing organizations if a data breach became public"

    In many jurisdictions, NOT notifying the relevant authorities and affected users/customers means even bigger fines. Trying to hide that you've been breached is a bad move so that threat at least is pretty meaningless. And once the data is out there, there's nothing stopping the ransomware scum from blackmailing the same victim again, even if they do pay up the first time. And this particular crew seem to be a bit pissed off at the free decryption keys being available so instead of doing the "arms race" work to stay ahead of the good guys, they've turned even more nasty and vindictive. That's a recipe for the good guys to put even more resources into taking them out. Yeah, it's still whack-a-mole, but if the good guys decide it's viable to use a bigger hammer, the odds of any one mole getting whacked get better.

  3. TheMaskedMan Silver badge

    "And this particular crew seem to be a bit pissed off at the free decryption keys being available so instead of doing the "arms race" work to stay ahead of the good guys, they've turned even more nasty and vindictive."

    Perhaps they see it as an opportunity for repeat business, though when the word gets around that they come back for another bite at the cherry the odds of anyone paying them will drop to zero.

    Obviously I'm neither a cryptographer nor a ransomware author, but I would have thought the pay-to-decrypt business model would be more beneficial for the bad guys. You can deliver an actual product that can be shown to work, which might be slightly more persuasive than scout's honour promises never to release stolen data. If you charge less than it's going to cost to rebuild everything from backups (if that's even possible) and it can be done quickly, that's going to be an attractive option, too. Sure, you have the hassle of changing your encryption, but surely you'd want to do that pretty often anyway lest some clever bugger cracks it and undercuts you.

    Moving to blackmail as a service just seems way too unreliable to me - you have to go to the trouble of exfiltrating all the data, and nobody is really going to trust you to keep quiet so they're less likely to pay up. All seems very optimistic - I'm wondering if this bunch of baddies are younglings without the skill to change the encryption or the experience of human nature to know how unreliable they look.

  4. Version 1.0 Silver badge

    Let's take full control of our borders!

    That was the essence of the Brexit arguments and now we're being told "We have full control of our borders!" But malware, viruses and phishing emails sail through our "network borders" every few seconds so was this an issue that nobody noticed or even discussed back on 23 June 2016? Well, malware and viruses were relatively uncommon back then, at least the way I'm seeing them every hour these days, so networkwise we have no control of our borders at all these days and the current handling is to let everything cross the network border and then hopefully stop them if we notice them.

    1. Derezed

      Re: Let's take full control of our borders!

      I’m a remoaner.

      What has membership of the EU got to do with this specifically?
