
A campaign impersonating the notorious BianLian ransomware group exploits fear to coerce payments from its targets. The scammers send fake ransom notes as physical letters addressed to executives.
GuidePoint Research and Intelligence Team (GRIT) confidently confirmed that this campaign is illegitimate and not connected to the real BianLian group.
The use of snail mail and newly generated Bitcoin wallets, flawless English, and the absence of a negotiation clause are among the red flags that distinguish these letters from legitimate ransomware activity.
The fraudulent letters claim the recipient's corporate IT network has been compromised and demand a ransom of $250,000 to $350,000 in Bitcoin within 10 days, according to the latest GRIT security report.
Each note includes a QR code linked to a Bitcoin wallet and URLs for BianLian's alleged data leak site. Recipients are told not to contact the police or the FBI and are threatened with the release of the allegedly stolen data.
The goal is to trick recipients into transferring funds to criminal actors with no actual evidence of a breach.
Using physical mail is highly uncharacteristic of ransomware groups, which usually operate digitally. In addition, the letters are written in flawless English, which is unusual for such schemes, and the freshly generated wallet addresses are inconsistent with typical ransomware practice.
Marked as “TIME SENSITIVE READ IMMEDIATELY,” the envelopes display an American flag Forever Stamp and list a return address of “BIANLIAN GROUP, 24 Federal St, Suite 100, Boston, MA 02110.”
GuidePoint reassured organizations that there is no known or suspected network intrusion linked to these letters.