Fake BianLian Ransom Note Campaign Targets Executives in the US via Snail Mail

Written by: Lore Apostol, Cybersecurity & Streaming Writer

A campaign impersonating the notorious BianLian ransomware group exploits fear to coerce its targets into paying. The scammers send fake ransom notes via physical letters targeting executives.

GuidePoint Research and Intelligence Team (GRIT) confidently confirmed that this campaign is illegitimate and not connected to the real BianLian group.

The use of snail mail and new Bitcoin wallets, the perfect English, and the lack of a negotiation clause are among the red flags that distinguish these letters from legitimate ransomware activity.

Screenshot of the Fake BianLian Ransom Note Envelope Used to Trick the Target | Source: Bleeping Computer

The fraudulent letters claim the recipient's corporate IT network has been compromised and demand a ransom of $250,000 to $350,000 in Bitcoin within 10 days, according to the latest GRIT security report.

Each note includes a QR code linked to a Bitcoin wallet and URLs for BianLian’s alleged data leak site. The recipients are advised to refrain from contacting the police or the FBI and are threatened with the release of the allegedly stolen data.

The goal is to trick recipients into transferring funds to criminal actors with no actual evidence of a breach. 

Using physical mail is highly uncharacteristic of ransomware groups, which usually operate digitally. Besides, the letters are written in flawless English, which is unusual for such schemes. Also, freshly generated wallet addresses are inconsistent with typical ransomware practices.

Marked as “TIME SENSITIVE READ IMMEDIATELY,” the envelopes display an American flag Forever Stamp and list a return address of “BIANLIAN GROUP, 24 Federal St, Suite 100, Boston, MA 02110.”

GuidePoint reassured organizations that there is no known or suspected network intrusion linked to these letters.


