Scammers are targeting US companies by impersonating the notorious BianLian ransomware group in a new extortion scheme. These fraudulent ransom notes are being mailed to CEOs and other high-level executives, using envelopes processed through a postal facility in Boston, Massachusetts. The notes, marked as “Time Sensitive Read Immediately,” claim that the BianLian group has gained access to sensitive company data and threaten to release it unless a Bitcoin payment is made within 10 days. The letters vary depending on the industry of the targeted company, with healthcare companies receiving fake claims about stolen patient and employee information, and product-based businesses being told that customer orders and financial documents were compromised.
The ransom demands in these fake notes range from $250,000 to $500,000, and each letter includes a QR code linking to a newly generated Bitcoin address. Arctic Wolf, which also reported on the scam, noted that healthcare organizations had their demands set at $350,000. To add credibility to the ransom threats, the scammers included compromised passwords in at least two of the letters, hoping to make their claims appear more legitimate.
Despite the inclusion of these details, experts have confirmed that there is no actual breach, and the entire scheme is a scare tactic designed to extort money from executives.
GuidePoint Security has confirmed that these ransom notes are part of a widespread scam and not associated with the BianLian ransomware group. The notes differ significantly from those typically sent by BianLian, with the scammers opting for a mailed approach instead of digital communication. Unlike the real BianLian ransomware, which engages in negotiations, these fake ransom notes claim that the group is no longer negotiating and demands immediate payment.
The goal is clearly to instill fear and urgency among executives, hoping to prompt them to pay the ransom without thoroughly investigating the legitimacy of the threat.
The mailing of these fake ransom notes marks an evolution of extortion tactics that have been popular since 2018. Originally targeting individuals through email, these scams have now expanded to target CEOs of corporations, a move that reflects the growing sophistication of cybercriminals. While experts emphasize that these notes are not tied to any actual data breaches, it’s crucial for IT and security teams to inform executives about the scam to prevent unnecessary panic. This form of corporate extortion is not only a threat to the targeted businesses but also serves as a reminder for companies to remain vigilant against evolving cybercrime tactics.
