A hacker has been sending physical letters to US businesses that falsely tell recipients they’ve been breached and threaten to release confidential information unless a ransom is paid. The FBI urges companies to avoid falling for what is almost certainly a scam.
The letters claim to come from the BianLian ransomware group and arrive through the US Postal Service, according to the cybersecurity vendor Arctic Wolf. The messages are addressed to company executives “primarily within the US healthcare sector” and demand ransoms up to $500,000 in bitcoin.
“We no longer negotiate with victims. You have 10 days from the receipt of this letter to pay,” one letter said. “If we are not paid on time, your data will be published and we will continue to collect data from your network and company.”
This Tweet is currently unavailable. It might be loading or has been removed.
Two of the letters also included a compromised password as evidence of the breach. But Arctic Wolf and other security firms suspect the letters are merely a ruse to trick companies into paying a ransom when no breach ever took place.
“All organizations that received the ransom letter had no activity indicative of a ransomware intrusion,” Arctic Wolf said. “It is very likely this campaign is an attempt to stoke fear and scam organizations into paying a ransom for a ransomware intrusion that never occurred.”
On Thursday, the FBI warned that it “assesses the letters are an attempt to scam organizations into paying a ransom.”
The fraudster is likely capitalizing on the BianLian group’s notoriety and impersonating the ransomware gang, according to cybersecurity provider Palo Alto Networks’ Unit 42. BianLian has been known to use threatening phone calls to pressure companies into paying a ransom. But in general, ransomware groups like to open a line of communication with their victims to negotiate a payment, and they’ll provide substantial evidence that they stole sensitive data.
Recommended by Our Editors
However, Palo Alto Networks’ Unit 42 said none of the letters contained any such information. The “BianLian notes use more broken English than the relatively well-formatted and well-written paper-based letters we have investigated,” it said.
Although the mailed letters are harmless, they demonstrate how scammers use fear to exploit victims. In the past, this has included sending spam emails to random users, claiming they were secretly filmed watching porn and demanding they pay a ransom to keep the footage secret.
Like What You’re Reading?
This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.
About Michael Kan
Senior Reporter
