Scammers are impersonating the BianLian ransomware gang by sending fake ransom notes to CEOs of US companies via the United States Postal Service.
A new scam involving fake BianLian ransom notes has been reported, where scammers target CEOs of US companies by mailing fake ransom letters. The notes, which claim to be from the "BIANLIAN Group," demand a Bitcoin payment between $250,000 and $500,000. These letters, marked "Time Sensitive Read Immediately," contain fraudulent claims of stolen data tailored to each company’s industry. Healthcare companies received fake reports of stolen patient data, while other businesses were allegedly targeted for customer and employee information. The letters are designed to look convincing, including information from Tor data leak sites and even compromised passwords to add legitimacy.
BianLian ransomware has gained notoriety in recent years, primarily for using double-extortion tactics, where data is stolen and encrypted, followed by ransom demands. Typically, these operations are conducted through digital means. However, this latest scam appears to be an evolution of previous email-based extortion attacks, shifting to mailed letters to target high-profile individuals in companies.
Grayson North, a researcher at GuidePoint Security, said: "We assess with a high level of confidence that the extortion demands contained within are illegitimate and do not originate from the BianLian ransomware group." Arctic Wolf also stated that these ransom notes are designed solely to instill fear, with no real threat of a breach.
The FBI has also issued an announcement to inform businesses about this scam. The FBI recommends organizations educate their executives and employees about such threats, ensure network defenses are up-to-date, and report any incidents to the local FBI Field Office or the Internet Crime Complaint Center (IC3).
Ransomware attacks like those from BianLian have been on the rise in recent years, and the extortion scams that imitate them are now moving from digital channels to physical mail. This shift to postal mail could mark the beginning of a new trend in how cybercriminals target high-level executives. Awareness of these scams is crucial for CEOs and organizations to prevent unnecessary panic and wasted resources.
This scam shows the increasing creativity and persistence of cybercriminals in targeting executives. Understanding how to differentiate between legitimate threats and scams is vital for businesses to protect themselves from being extorted or distracted by these fraudulent tactics. It also shows how cybersecurity efforts must extend beyond just email-based threats to include physical mail.
These fake ransom notes are a reminder of how scammers are evolving their methods. Organizations must educate executives and IT staff about these types of scams so they can avoid unnecessary panic and remain secured against real threats.
Notify corporate executives, ensure network defenses are up-to-date, and report the incident to the local FBI Field Office or IC3.
Look for signs such as the lack of genuine threats, mismatched return addresses, and no actual evidence of a data breach or hacking activity.
BianLian ransomware is a cybercrime operation that extorts money from victims by threatening to leak stolen data unless a ransom is paid.
Look for unusual activity on networks, unexpected ransom demands, or suspicious communication from actors claiming to be from a ransomware group.