Corporate executives, particularly in the healthcare sector, have recently been targeted in a new scam where extortionists send physical ransom letters threatening to leak stolen data unless paid. According to an alert from the FBI, the letters claim to be from the BianLian ransomware group, a notorious cybercrime operation. They assert that the recipient’s organization has fallen victim to a cyberattack in which sensitive data has been stolen.
The letters, marked as “Time Sensitive Read Immediately,” demand a payment between $250,000 and $500,000, directing victims to scan a QR code that links to a Bitcoin wallet. If the ransom is not paid within ten days, the letter warns, the stolen data will be posted on BianLian’s leak sites.
The FBI’s investigation, however, reveals no evidence that the recipients’ organizations have actually been hacked or that BianLian is behind the extortion attempt. The letters were mailed from Boston, Massachusetts, and though they reference the infamous ransomware group, the connection appears to be entirely fabricated, likely to increase the scam’s credibility.
Cybersecurity firm Arctic Wolf first reported the scam, noting that all letters sent so far have similar wording, suggesting the use of a generic template with only slight variations. The letters also include a compromised password in some cases, aimed at convincing recipients of the scam’s legitimacy. However, no proof of an actual data breach or ransomware attack has been identified, indicating that these letters are designed purely to create fear and coerce companies into paying ransoms for non-existent threats.
The FBI and Arctic Wolf stress that organizations should remain vigilant and not fall victim to these physical mail scams. Both entities emphasize the importance of strengthening security measures and verifying any ransom threats before taking action.
Source: FBI, Ionut Arghire of Securityweek and Arctic Wolf
