BianLian Ransomware is Written in Go
A new ransomware variant called BianLian has been spotted in the wild. The new strain is written in Go and compiled from that language.
The ransomware encrypts files on the victim system, leaving them in an unusable state. The encrypted file types include virtually every media, document, archive and database file extension.
Once encrypted, files have the ".bianlian" extension appended to their names, so a file formerly named "document.txt" becomes "document.txt.bianlian".
The ransom note threatens to leak stolen information - a common double extortion tactic that ransomware authors have been using for years now. The note is dropped as a plain text file named "Look at this instruction.txt" and reads as follows:
Your network systems were attacked and encrypted. Contact us in order to restore your data. Don't make any changes in your file structure: touch no files, don't try to recover by yourself, that may lead to it's complete loss.
To contact us you have to download "tox" messenger: hxxps://qtox.github.io/
Add user with the following ID to get your instructions:
[alphanumeric string]
Alternative way: swikipedia at onionmail dot org
Your ID: -
You should know that we have been downloading data from your network for a significant time before the attack: financial, client, business, post, technical and personal files.
In 10 days - it will be posted at our site hxxp://bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion with links send to your clients, partners, competitors and news agencies, that will lead to a negative impact on your company: potential financial, business and reputational loses.
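An added example, not part of the original article: a triage scan that uses the two file-system indicators described above (the ".bianlian" extension and the "Look at this instruction.txt" note) to map which directories were hit and what the original file names were. The function names, the sample directory names and the use of the note's opening sentence as a content check are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".bianlian"                  # extension named in the article
NOTE_NAME = "Look at this instruction.txt"   # ransom note filename named in the article
NOTE_MARKER = "Your network systems were attacked and encrypted"  # opening of the note

def triage(root):
    """Walk root; return ransom notes, encrypted files and per-directory counts."""
    report = {"notes": [], "encrypted": [], "by_dir": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()             # Windows file names are case-insensitive
            if lower == NOTE_NAME.lower():
                # Check content so an unrelated file with this name is not a confirmed note.
                try:
                    with open(path, "r", errors="replace") as fh:
                        confirmed = NOTE_MARKER in fh.read(4096)
                except OSError:
                    confirmed = False
                report["notes"].append((path, confirmed))
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                original = name[:-len(ENCRYPTED_EXT)]   # document.txt.bianlian -> document.txt
                report["encrypted"].append((path, original))
                report["by_dir"][dirpath] += 1
    return report

def build_sample_tree(root):
    """Constructed sample data (hypothetical paths), not taken from a real incident."""
    samples = {
        ("finance", "document.txt.bianlian"): "\x00",
        ("finance", "db.sqlite.BIANLIAN"): "\x00",
        ("finance", NOTE_NAME): NOTE_MARKER + ". Contact us in order to restore your data.",
        ("clean", "readme.txt"): "nothing to see",
        ("clean", NOTE_NAME): "unrelated file that happens to share the name",
    }
    for (folder, name), body in samples.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        with open(os.path.join(root, folder, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for path, confirmed in result["notes"]:
            print("note", "confirmed" if confirmed else "name only", path)
        for folder, count in result["by_dir"].most_common():
            print(count, "encrypted file(s) in", folder)
```

The per-directory counts give responders a quick view of the encryption scope, and the recovered original names can be matched against backups.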








