Avast Decryption Tool for BianLian 1.0.0.724
Avast Decryption Tool for BianLian can be utilized to recover files held hostage by the BianLian strain of ransomware. All the Avast Decryption Tools are available in one zip here.
The BianLian ransomware is responsible for targeted attacks on various industries since 2022. It has intensified the threat by rapidly encrypting files. The ransomware is coded in Go and compiled as a 64-bit Windows executable. Due to the characteristics of the Go language, various strings, including details about the directory structure of the author's PC, are directly visible in the binary.
The Avast Decryption Tool for BianLian can recover files encrypted by a known variant of the BianLian ransomware. For new victims, it may be difficult to find the ransomware binary on the hard drive because the ransomware deletes itself after encryption.
Common names of the BianLian ransomware file on the victim’s PC include:
C:\Windows\TEMP\mativ.exe
C:\Windows\Temp\Areg.exe
C:\Users\%username%\Pictures\windows.exe
anabolic.exe
The file data is encrypted using AES-256 in CBC mode, and the length of the encrypted data is aligned to 16 bytes as required by the AES CBC cipher. Upon execution, BianLian searches all available disk drives from A: to Z: and encrypts all files with file extensions matching one of the 1013 extensions hardcoded in the ransomware binary.
BianLian ransomware doesn't encrypt files from the beginning. Instead, it starts encryption from a fixed file offset. The ransomware encrypts files and appends the .bianlian extension, along with leaving a ransom note named "Look at this instruction.txt," as shown in screenshot number 1.
The following command is executed, which automatically deletes itself:
cmd /c del
Similar:
Which Anti-Malware App Is Best and Can It Run Alongside My Antivirus
What's the Be What'sivirus and Is Windows Defender Good Enough?
How to Manage Windows Defender Antivirus Found Threats
What to Do When Your Norton or McAfee Antivirus Expire
Avast Decryption Tool for BianLian 1.0.0.724
Avast Decryption Tool for BianLian can be utilized to recover files held hostage by the BianLian strain of ransomware. All the Avast Decryption Tools are available in one zip here.
