The Federal Bureau of Investigation (FBI) is issuing this announcement to inform businesses of a scam involving letters delivered in the mail from unidentified criminal actors to corporate executives, claiming to have come from a ransomware group.
Stamped “Time Sensitive Read Immediately”, the letter claims the “BianLian Group” gained access into the organization’s network and stole thousands of sensitive data files. The letter then goes on to threaten that the victim’s data will be published to BianLian’s data leak sites if recipients do not use an included QR code linked to a Bitcoin wallet to pay between $250,000 and $500,000 within ten days from receipt of the letter, claiming the group will not negotiate further with victims.
FBI assesses the letters are an attempt to scam organizations into paying a ransom. The letter contains a US-based return address of “BianLian Group” originating from Boston, Massachusetts. We have not yet identified any connections between the senders and the widely-publicized BianLian ransomware and data extortion group.
Tips to Protect Yourself:
FBI recommends individuals take the following precautions:
- Notify corporate executives and the organization of the scam for awareness.
- Ensure employees are educated on what to do if they receive a ransom threat.
- If you or your organization receive one of these letters, ensure your network defenses are up to date and that there are no active alerts regarding malicious activity.
- If you discover you are a victim of BianLian ransomware, please visit our Joint Cybersecurity Awareness Bulletin for recent tactics, techniques, and procedures and indicators of compromise to help organizations protect against ransomware.
FBI requests victims report any incident to your local FBI Field Office or the Internet Crime Complaint Center (IC3).