Would-be Extortionists Send “BianLian” Ransom Notes in the Mail

March 5, 2025 – Published on Infosecurity Magazine

Organizations have been urged not to fall for what appears to be a ransomware scam using physical letters.

GuidePoint Security claimed in a blog post yesterday that it had received reports of executives in multiple organizations being sent a suspicious letter purporting to come from the BianLian ransomware group.

In it, the sender claims to have compromised the recipient’s corporate network and stolen sensitive data.

“Mimicking the threats of a ‘true’ ransomware ransom note, the letters state that the stolen data will be leaked 10 days after receipt of the letter unless a substantial ransom is paid,” GuidePoint Security explained.

“The letter instructs the recipient to pay the ransom to an included Bitcoin wallet, which is made easier by including a QR code containing the wallet address. As a part of this specific campaign, we observed ransom demands ranging from $250,000 to $350,000 USD.”

Although the letters in question apparently contain Tor links to BianLian’s data leak site, the group responsible is almost certainly an imposter, GuidePoint claimed. That’s partly because of its near flawless mastery of English, and several other tell-tale signs, such as an unwillingness to negotiate on the ransom amount.

Read More HERE.