In a novel and regarding growth, a number of U.S. organizations have reported receiving suspicious bodily letters claiming to be from the BianLian ransomware group.
These letters, despatched through U.S. postal companies, threaten recipients with information leaks until substantial ransoms are paid inside a specified timeframe.
The letters are a part of a marketing campaign that GRIT assesses with excessive confidence to be illegitimate, not originating from the precise BianLian ransomware group.
Uncommon Supply Mechanism and Indicators of Deception
The usage of bodily mail to ship ransom calls for is an uncommon tactic, as authentic ransomware teams usually talk digitally.
The letters embody Bitcoin pockets addresses and QR codes for cost, together with Tor hyperlinks to BianLian’s information leak websites.
Nonetheless, these hyperlinks are publicly recognized and don’t verify the legitimacy of the threats.
The language and content material of the letters additionally deviate from typical ransom notes, that includes practically excellent English and sophisticated sentence buildings, which is inconsistent with previous communications from BianLian.
Furthermore, the Bitcoin pockets addresses included within the letters are freshly generated and haven’t any ties to recognized ransomware teams.
In response to Guidepoint Safety Report, this implies that the true intention is to deceive and rip-off executives into paying ransoms with none precise community compromise.
GRIT has not noticed any recognized or suspected intrusion exercise related to these letters, additional supporting the evaluation that they’re a part of a rip-off.
Suggestions for Response
In response to those threats, organizations are suggested to coach their staff on the right way to deal with ransom threats, whether or not authentic or not.
It’s essential to make sure that community defenses are up-to-date and to report incidents to native legislation enforcement, together with the FBI.
Regardless of the shortage of proof linking these letters to precise community compromises, vigilance is critical to guard towards potential historic leaks or future assaults.
Organizations must also be cautious concerning the recommendation within the letters to keep away from involving legislation enforcement, as this can be a frequent tactic utilized by scammers to isolate victims and forestall them from in search of skilled assist.
As an alternative, reporting these incidents may also help in figuring out and disrupting the rip-off operations.
Accumulate Risk Intelligence on the Newest Malware and Phishing Assaults with ANY.RUN TI Lookup -> Strive free of charge