Unknown Individuals Send Extortion Letters Through the Post, Using the Name "BianLian"

Multiple organizations received threatening letters demanding ransom through the post, according to reports received by GuidePoint Security.

In a recent advisory, the FBI alerted executives to a ransomware mail scam that is currently circulating. The scam, which presents itself as the work of the BianLian Ransomware Group, has raised concerns due to its new tactics and the significant risk it poses.

Organizations have reported receiving suspicious letters claiming to be from the BianLian group, stating that they have compromised the recipient's corporate network and stolen sensitive data. The letters, however, have not been traced back to the real BianLian group, according to the FBI.

The ransom demands in these letters range from $250,000 to $350,000 USD. The letters also include a Bitcoin wallet address and a QR code for easier payment. However, GuidePoint Security, a cybersecurity firm, has high confidence that this wave of letters is an attempt to deceive organizations into paying a ransom to actors unaffiliated with the BianLian group.

The unusual delivery mechanism, the changes in language, and the absence of intrusion activity all indicate a scam. The ransomware falsification campaign with letters to organizations was initiated by cybercriminals using a phishing campaign distributing the UpCrypter malware loader, which delivers remote access trojans such as PureHVNC, DCRat, and Babylon RAT, and which has targeted companies worldwide since August 2025.

This ransomware scam bears similarities to an extortion campaign from 2020, where organizations received letters purporting to come from state-sponsored groups, threatening DDoS attacks. The letters in question contain Tor links to BianLian's data leak site, but are likely to be from an imposter.

GuidePoint Security urges organizations to notify executives about the scam, ensure reporting mechanisms are understood, educate employees on ransom threats, keep network defenses updated, and report the letter to local law enforcement and the FBI Field Office. They also recommend that organizations verify any ransom demands and not pay ransoms, as paying can encourage further attacks.

In light of this, it is crucial for organizations to remain vigilant and stay updated on the latest cyber threats. By following best practices for network security and staying informed, organizations can protect themselves from such scams and maintain the integrity of their data.
