Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service.
The fake ransom notes were first reported by GuidePoint Security today, with BleepingComputer later being sent a scan of the note from a CEO who received the same letter.
The envelopes for these ransom notes claim to be from the “BIANLIAN Group” and have a return address located in an office building in Boston, Massachusetts:
BIANLIAN GROUP
24 FEDERAL ST, SUITE 100
BOSTON, MA 02110
In the letter shared with BleepingComputer, the envelope shows it was mailed on February 25th, 2025. This mailing date is the same as the one seen by Arctic Wolf, who also reported on the scam today.
The letters are being mailed to the CEO of the companies at their corporate mailing address and show that they were processed through a postal facility in Boston, with the envelope marked, “Time Sensitive Read Immediately.”

Source: BleepingComputer
The envelopes contain a ransom note addressed to the company’s CEO or another executive, claiming to be from the BianLian ransomware operation. According to notes reviewed by BleepingComputer, they are tailored to the company’s industry, with different types of allegedly stolen data corresponding to the company’s activities.
For example, fake BianLian ransom notes sent to healthcare companies claim that patient and employee information was stolen, while those targeting product-based businesses allege the exposure of customer orders and employee data.
“I regret to inform you that we have gained access to [REDACTED] systems and over the past several weeks have exported hundreds of data files, including customer order and contact information, employee information with IDs, SSNs, payroll reports, and other sensitive HR documents, company financial documents, legal documents, investor and shareholder information, invoices, and tax documents,” reads a fake BianLian ransom note.

Source: GuidePoint Security
The mailed ransom notes are very different from BianLian’s, but the scammers attempt to make them look convincing by including the real Tor data leak sites for the ransomware operation in the notes.
However, unlike typical ransomware demands, these fake notes state that BianLian is no longer negotiating with victims. Instead, the victim has 10 days to make a Bitcoin payment to prevent data from being leaked.
Each ransom note includes a ransom demand ranging between $250,000 and $500,000, a freshly generated Bitcoin address to send payment, and a QR code for the Bitcoin address.
Arctic Wolf said that all healthcare organizations had their ransom demand set to $350,000, which is the same as the one shared by a healthcare company with BleepingComputer, as shown below.

Source: BleepingComputer
Furthermore, Arctic Wolf states that two ransom notes the researchers saw included legitimate compromised passwords to add legitimacy to the demand.
“In at least two letters, the threat actor included a compromised password within the How did this happen? section, almost certainly in an attempt to add legitimacy to their claim,” explained Arctic Wolf.
The consensus in the reports is that these ransom notes are fake and are only designed to scare executives into paying a ransom, as there are no signs of an actual breach.
“While GRIT cannot confirm the identity of the letter’s authors at this time, we assess with a high level of confidence that the extortion demands contained within are illegitimate and do not originate from the BianLian ransomware group,” explains GuidePoint Security researcher Grayson North.
However, this does not mean the emails should be ignored. Due to the widespread mailing of these notes, all IT and security admins should notify executives about the scam so that they are aware and do not waste time and resources worrying about them.
These fake ransom notes are an evolution of the email extortion scams that have become so popular since 2018. However, instead of targeting personal emails, they are now targeting the CEOs of companies.
BleepingComputer contacted the BianLian ransomware operation to see if they were involved with these mailings, but a reply was not immediately available.