The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is received.
Stamped “Time Sensitive Read Immediately”, the letter claims the “BianLian Group” gained access into the organization’s network and stole thousands of sensitive data files. The letter then goes on to threaten that the victim’s data will be published to BianLian’s data leak sites if recipients do not use an included QR code linked to a Bitcoin wallet to pay between $250,000 and $500,000 within ten days from receipt of the letter, claiming the group will not negotiate further with victims.
The FBI states that the letters are an attempt to scam organizations into paying a ransom. The letter contains a U.S.-based return address of “BianLian Group” originating from Boston, Massachusetts. No connections have been made between the senders and the widely-publicized BianLian ransomware and data extortion group.
The FBI offers the following guidance on protecting your organization from these scams:
- Notify corporate executives and the organization of the presence of the scam.
- Ensure employees are educated on what to do if they receive a ransom threat.
- If you or your organization receive one of these letters, ensure your network defenses are up to date and that there are no active alerts regarding malicious activity.
- If you discover you are a victim of BianLian ransomware, visit the Joint Cybersecurity Awareness Bulletin for recent tactics, techniques, and procedures and indicators of compromise to help organizations protect against ransomware.