Imposter scams have long been among the most lucrative for scammers. According to the Federal Trade Commission, consumers lost $2.7 to imposter scams, second only to investment scams, in 2023.
While there are many variations of this scam, the most common variations have involved scammers calling, texting or emailing their victims posing as a trusted government agency, such as the FBI, IRS, US Postal Service, FTC or the Social Security Administration. Other times the scammers will pose as a company with which we commonly do business such as Amazon or Netflix. The scammer then, under a wide variety of pretenses, demands immediate payment by gift cards, cryptocurrency, credit card or wired funds. Being asked to pay by gift cards is a definite indication that the call is a scam since no company or governmental agency requests or accepts payments by gift cards.
Now, in an unusual twist on the usual imposter scam, the FBI is warning people about scammers posing as members of the infamous Russian ransomware gang BianLian. The real BianLian has developed ransomware that it has deployed against numerous companies since 2023. BianLian’s business model is to encrypt the data of its targeted victims and then threaten to make the data public unless a ransom is paid.
The phony BianLian scammers are sending snail mail letters to business executives telling them that the phony BianLian scammers used social engineering to gain access to thousands of sensitive, confidential data files including payroll reports, Social Security numbers, tax filing and investor information. In the letter they threaten to make the data public unless the targeted victim of the scam uses a QR code included in the letter to pay a ransom of between $250,000 and $500,000 by Bitcoin.
According to the cybersecurity consulting firm GuidePoint Security, the letters have been mailed from Boston with a return address oddly indicated on the envelope reading:
BIANLIAN GROUP 24 FEDERAL ST, SUITE 100 BOSTON, MA 02110
The FBI says that there is no indication that the scammers sending these letters are in any way connected to the real BianLian Group or have infiltrated the computers of their targeted victims. GuidePoint Security indicated that it had never observed any legitimate (if that term can be used here) ransomware group communicate through snail mail. Legitimate ransomware groups communicate by email or encrypted chat.
GuidePoint also noted that the wording and content of the letter differ from actual ransomware notes sent in the past by the real BianLian. In an effort to appear legitimate, the letter does include links to sites on the Dark Web where the real BianLian has leaked data, but these links are meaningless as the addresses are commonly known. GuidePoint also noted that the Bitcoin wallet addresses used in the letters are new wallets with no known association to any ransomware groups.
It is also noteworthy that the letter does not contain any contact information while the usual practice of ransomware groups is to negotiate in regard to the ransom. The phony letter states that the phony BianLian Group no longer negotiates.
Most tellingly, none of the companies receiving the letter have found evidence of any cyber intrusions. However, the FBI, out of an abundance of caution, urges companies that do receive the phony BianLian letter to ensure that their network defenses are up to date.