Ransomware Group

bianlian

BianLian ransomware operations began in late 2021. The group practices multi-pronged extortion, demanding payment both for a decryptor and for the non-release of stolen data. The group hosts a public, Tor-based blog where it posts victim identities and stolen data. Somewhat unique to BianLian at the time of its launch was the inclusion of an I2P mirror for the blog.

552 Known Victims

Threat Level

CRITICAL

Known Infrastructure

The following Tor hidden services have been associated with this group:

  • bianlivemqbawcco4cx4a672k2fip3guyxudzurfqvdszafam3ofqgqd.onion
  • bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion
  • bianliaoxoeriowgqohcly4a6sbkpc3se2yvxgidxomxlpuhx5ehrpad.onion

⚠️ Warning: These are malicious sites. Do not visit without proper security measures.


bianlian Ransomware Group - TTPs, IOCs & Intelligence | isMalicious