Avast to the Rescue… Again! Stopping BianLian in Its Tracks

Ransomware, regardless of its family, has been a huge nightmare for companies and individuals for quite some time now. Threat actors all over the world have been using elevated ways to deploy their ransomware. However, cybersecurity companies aren’t just sitting around spectating the chaos. Avast stopped the Hades ransomware in the past, and now, it has done it again with BianLian.

Ransomware costs a lot, and we’re talking about the victims. Instead of disclosing or recommending certain steps to avoid it, Avast is working on an actual way to cease such practices.

Now, the company has created a decryptor that allows BianLian victims to save and retrieve their files without having to pay the attackers behind it. This is an amazing step toward online safety, and we’re going to talk about it in detail below.

BianLian Begone – Avast Strikes with a Decryptor

Ransomware has affected dozens of big companies across the globe. In fact, 2022 saw a huge spike in these practices as top names, such as one of India’s biggest energy companies – Tata Power.

The BianLian ransomware hasn’t been around for much, but it sure did some damage while at it. In fact, the infamous ransomware was part of a huge campaign targeting Android users through the Google Play Store a while back.

Well, BianLian is in the past now, as none other than Avast has created a decryptor that allows users to get their files back without having to pay a ransom.

As we mentioned, BianLian isn’t new on the cybercrime scene, and this decryptor comes about half a year after the ransomware’s increased activity.

So, basically, just like most ransomware attacks, BianLian sends its victims a ransomware note informing them that their files have been encrypted.

Once the victims get that, they can proceed with Avast’s decryptor to save their files and regain control over them. Please note that the steps below only work with known variants of BianLian:

1. First, users should get the decryptor for free from Avast. The program requires no installation. Instead, users can execute the program immediately.
2. Submit the files that need decryption.
   
3. Enter the decryption password. Two options are available: Either submit a known password or prompt the decryptor to iterate through all known BianLian passwords.
   

Once everything is in place, victims of BianLian will be able to remove the ransomware’s encryption and retrieve the files.

If users are afraid of losing their data or damaging it, the tool allows them to back them up in case anything goes wrong. If the ransomware variant is new, the decryptor won’t be able to retrieve the files.

However, Avast states that alternative steps can be taken. That includes locating the ransomware binary on the hard drive. There can be information that can help in deciphering the locked files. Some common filenames and locations of BianLian include:

• C:\Windows\TEMP\mativ.exe
• C:\Windows\Temp\Areg.exe
• C:\Users\%username%\Pictures\windows.exe
• anabolic.exe

As we mentioned, the tool cannot decrypt any variant of LianBian. According to Avast, the BianLian decryptor is a work in progress, and unlocking more strains will be an added privilege in the near future.

BianLian No More? Some Variants, At Least

Avast has been trying so hard to counter what cybercriminals are trying to achieve. So far, it has succeeded with various attempts to decrypt ransomware families.

The security company is hell-bent on saving as many users as possible, and we highly appreciate that. Its decryptors have a long way to go, but so far, Avast’s tools are very effective.