Scammers are taking advantage of the fear and urgency associated with ransomware attacks by impersonating the BianLian ransomware group and sending fake ransom letters through traditional mail services to various businesses. The letters claim that the recipient’s IT network has been compromised, sensitive data has been stolen, and demand a substantial ransom payment in Bitcoin to prevent the data from being leaked.
The discovery of this unusual trend was made by GuidePoint Security’s Senior Threat Intelligence Analyst, Grayson North, who noticed that executives at different organizations were receiving physical letters via the US Postal Service. These letters, delivered from US addresses, demanded payments ranging from $250,000 to $350,000 within a ten-day deadline, threatening data publication and continued data collection if the ransom wasn’t paid on time.
Despite mimicking the format of traditional ransom notes, including QR codes and Tor links to the Dark Web, cybersecurity analysts quickly identified several inconsistencies that raised doubts about the legitimacy of the letters. The language used in the letters was unusually polished, the provided Tor links were easily accessible, and the method of delivery via physical mail was atypical for ransomware groups.
Furthermore, investigations by GuidePoint Security’s Research and Intelligence Team revealed no actual network intrusions or data breaches in the organizations that received the letters. The Bitcoin wallet addresses were newly generated and not associated with any prior ransomware activity, and the senders refused to negotiate, contrary to standard threat actors’ practices.
The conclusion drawn by the research team was that the letters were likely a fraudulent attempt to impersonate BianLian for financial gain. By exploiting the fear and urgency associated with ransomware attacks and imitating a known ransomware group’s reputation, the scammers aimed to extort money from targeted organizations. The letters were designed to create a sense of panic and urgency, pushing recipients to act quickly without verifying the authenticity of the threats.
In response to this extortion scam, GuidePoint Security recommended that organizations educate their employees on handling such threats, ensure that their network defenses are up to date, and remain vigilant for any suspicious activity. By staying informed and maintaining strong cybersecurity measures, businesses can protect themselves against potential scams and extortion attempts.
As the threat landscape continues to evolve, with scammers finding new ways to exploit vulnerabilities and instill fear, it is crucial for organizations to remain proactive in their cybersecurity practices. By staying informed about emerging threats and implementing robust security measures, businesses can effectively safeguard their data and protect themselves from falling victim to scams and extortion schemes.