Upon its execution, BianLian searches all available disk drives (from A: to Z:). The length of the encrypted data is aligned to 16 bytes, as required by the AES CBC cipher. File data is encrypted with AES-256 in CBC mode. There are references to asymmetric cryptography libraries in the sample (RSA and elliptic curves), but the ransomware does not use any of them. Due to the nature of the Go language, there are many strings directly visible in the binary, including details about the directory structure of the author's PC:

Static analysis of BianLian ransomware

BianLian is a ransomware strain written in the Go language and compiled as a 64-bit Windows executable. The BianLian ransomware emerged in August 2022, performing targeted attacks in various industries, such as the media and entertainment, manufacturing and healthcare sectors, and raised the threat bar by encrypting files at high speeds.

For that reason, some files may not be decrypted."

Avast Decryption Tool for AtomSilo and LockFile will work for both strains due to their similarities, even with different deployment tactics being used for each.

After the decryption process, Avast Decryption Tool for AtomSilo and LockFile logs the process.

The team at Avast has developed a decryptor for the BianLian ransomware and released it for public download.

Per Avast, "during the decryption process, this Avast Decryption Tool relies on a known file format to verify that the file was successfully decrypted.

This decryptor should be suitable for most instances; however, it may be unsuccessful in decrypting files that have an unknown or proprietary format, or no format at all. Avast Decryption Tool for AtomSilo and LockFile is released to decrypt files held by the AtomSilo and LockFile ransomware strains.