Cybercrims now licking stamps and sending extortion demands in snail mail
March 5, 2025 – Published on The Register
Ransomware extortionists are now using letters sent by snail mail to demand payments, without bothering to infiltrate targets’ systems or infect them with malware.
According to GuidePoint Security, which has seen several such demand letters, they’re not the clichéd magazine-letters-cut-out-and-pasted type of note. Instead, they’re typed and dispatched by the postal service to members of the “victim” company’s executive team.
The letters state they’re sent by the BianLian ransomware group, according to Grayson North, senior threat intelligence analyst at GuidePoint Security, who told The Register: “To our knowledge, no one has fallen for the fake letters.”
The letters inform the recipients that their networks have been compromised and sensitive information exfiltrated, and warn that a ransom of $250,000 (£200,000) to $350,000 (£275,000) must be paid within ten days or the data will be released.
The messages include a demand for payment in Bitcoin and thoughtfully include a QR code that links to the wallet to which the crooks suggest victims send the digi-bucks. A Tor link to BianLian’s data-leak site is also present, presumably to add credibility to the letters.
Despite the creative effort that went into these demands, GuidePoint’s North and fellow threat analysts Stephen Brzozowski and Hermes Bojaxhi have “a high level of confidence that the extortion demands contained within are illegitimate and do not originate from the BianLian ransomware group.”