Fake BianLian ransom notes mailed to US CEOs in postal mail scam

March 5, 2025 – Published on BleepingComputer

Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service.

The fake ransom notes were first reported by GuidePoint Security today, with BleepingComputer later being sent a scan of the note from a CEO who received the same letter.

The envelopes for these ransom notes claim to be from the “BIANLIAN Group” and have a return address located in an office building in Boston, Massachusets. The letters are being mailed to the CEO of the companies at their corporate mailing address and show that they were processed through a postal facility in Boston, with the envelope marked, “Time Sensitive Read Immediately.”

The envelopes contain a ransom note addressed to the company’s CEO or another executive, claiming to be from the BianLian ransomware operation. According to notes reviewed by BleepingComputer, they are tailored to the company’s industry, with different types of allegedly stolen data corresponding to the company’s activities.

For example, fake BianLian ransom notes sent to healthcare companies claim that patient and employee information was stolen, while those targeting product-based businesses allege the exposure of customer orders and employee data.

Read More HERE.