Skip to content

Bogus ‘BianLian’ Gang Sends Snail-Mail Extortion Letters

Posted by: GuidePoint Security

< 1 min read

March 5, 2025 – Published on Dark Reading

Someone claiming to represent the BianLian ransomware group is sending top executives from various organizations snail-mail extortion letters informing them that their IT network has been compromised and threatening to delete or leak sensitive company data.

Sending physical letters through the mail system is an unusual move for a cybercriminal group, which typically sends ransom notes in digital form following a cyberattack. The letters mimic those conventional ransom notes, demanding a payment within 10 days in exchange for not leaking the data, researchers from GuidePoint Security revealed.

However, none of the organizations that received the letters appeared to have been victims of ransomware attacks from the real BianLian — a Russia-based, double-extortion ransomware group that’s been active since 2022 — nor any other threat group.

The letter instructs the recipient to pay the ransom to an included Bitcoin wallet, “which is made easier by including a QR code containing the wallet address,” senior threat intelligence analyst Grayson North from GuidePoint Security wrote in the company’s post.

Read More HERE.

Categories: Incident Response & Threat Intelligence
Tags:GRITransomware

GuidePoint Security

Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
In early March 2025, GRIT received reports from multiple organizations regarding suspicious physical letters delivered by mail from US addresses […]
View Page

Related Articles

View All

  • GRIT Blog
Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
Posted by: Grayson North
Published 03/04/25, 11:17am
Read More 5 min read
  • GRIT Blog
Breaking Basta: Insights from Black Basta’s Leaked Ransomware Chats
Posted by: Jason Baker
Published 03/06/25, 01:07pm
Read More 13 min read
  • Incident Response & Threat Intelligence
GRIT 2025 Ransomware & Cyber Threat Report
Read More < 1 min read