About Danny Quist
Danny Quist is the Director of Special Projects at [redacted]. He works on the research team developing new methods of reverse engineering, machine learning, and malware detonation. Previously, he worked for MIT Lincoln Laboratory and Los Alamos National Laboratory. He has presented at Black Hat, RSA, DEF CON, and DFRWS.
Latest from Danny
Executive Summary
Since our initial report on the ransomware group known as BianLian, we have continued to keep an eye on their activities. Unfortunately, and sadly not surprisingly, the group continues to operate and add to their ever-growing list of victims. Having continued to research BianLian for the past six months or so, we felt the time was right to share an update and some of our findings with the larger community.
Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, which posed some initial, but not insurmountable, reverse-engineering challenges. BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations.