Skip to content

Ransomware goes postal: US healthcare firms receive fake extortion letters

Posted by: GuidePoint Security

< 1 min read

March 5, 2025 – Published on CSO Online

In late February, healthcare organizations across the US started receiving extortion demands by mail claiming that their organization’s data had been stolen in a ransomware attack and giving them 10 days to respond.

According to the letters, printed on paper and delivered in envelopes purporting to be from the BianLian ransomware group, the data would be leaked unless the organization paid a ransom of between $250,000 to $350,000 in Bitcoin.

Now for the good news: the breaches never happened, and the letters are almost certainly fake, according to GuidePoint Security. GuidePoint researchers believe that the whole letter-writing campaign is a ruse by someone pretending to be BianLian, one of the ransomware industry’s up-and-coming threat groups.

Targeting healthcare organizations, the strange incident is a reminder that ransomware today is really two industries: a larger one that carries out the serious ransomware attacks everyone hears about and a much smaller and less well publicized one that tries to impersonate them.

Read More HERE.

Categories: Incident Response & Threat Intelligence
Tags:GRITransomware

GuidePoint Security

Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
In early March 2025, GRIT received reports from multiple organizations regarding suspicious physical letters delivered by mail from US addresses […]
View Page

Related Articles

View All

  • GRIT Blog
Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
Posted by: Grayson North
Published 03/04/25, 11:17am
Read More 5 min read
  • Incident Response & Threat Intelligence
GRIT 2025 Ransomware & Cyber Threat Report
Read More < 1 min read
  • GRIT Blog
Breaking Basta: Insights from Black Basta’s Leaked Ransomware Chats
Posted by: Jason Baker
Published 03/06/25, 01:07pm
Read More 13 min read