We would like to bring your attention to a recent security update regarding a significant threat to Australian SMBs and critical infrastructure. The Australian Cyber Security Centre (ACSC), in collaboration with the Federal Bureau of Investigation (FBI), has been actively tracking the activities of the BianLian ransomware group since 2022. The group has recently exhibited an increased level of activity, making it imperative for us to share this information with you.

The BianLian ransomware group utilises compromised Remote Desktop Protocol (RDP) access as their primary method of infiltrating systems. Once inside, they install remote management and access software such as TeamViewer, Atera Agent, SplashTop, and AnyDesk to establish persistence and maintain command and control. They exploit this foothold to exfiltrate company data and coerce organisations into paying a ransom by leveraging financial, business, and legal threats. For more details, please refer to the full ACSC article titled “#StopRansomware: BianLian Ransomware Group” available at Cyber.gov.au:
https://www.cyber.gov.au/about-us/advisories/stopransomware-bianlian-ransomware-group

To enhance your security posture and mitigate the risks associated with this threat actor’s activities, the ACSC recommends implementing the following measures:

  1. Implement application controls to effectively manage and control software execution.
  2. Strictly limit the use of RDP and other remote desktop services, ensuring that access is granted only when absolutely necessary.
  3. Disable command-line and scripting activities and permissions to prevent unauthorised execution.
  4. Enable enhanced PowerShell logging to enhance visibility into potential malicious activities.
  5. Limit privileged access for users, granting administrative rights only to those who genuinely require them.
  6. Implement multi-factor authentication (MFA) for remote access, adding an extra layer of security to prevent unauthorised entry.
  7. Maintain regular backups of critical data to ensure its availability in the event of a compromise.
  8. Implement strict update deployment and vulnerability scanning practices to address known security weaknesses.
  9. Segment networks to isolate critical systems and limit lateral movement in the event of a breach.
  10. Disable all unused ports to minimise potential avenues for unauthorised access.

By adopting these recommended security measures, you can significantly reduce the risk of falling victim to the BianLian ransomware group’s malicious activities.

At ONGC Systems, we prioritise the security and protection of your organisation’s IT infrastructure. If you require any assistance or further information, please do not hesitate to reach out to our dedicated support team.

Contact Us