Malicious actors are sending physical letters to healthcare organisations containing ransomware hacking claims.
The US Federal Bureau of Investigation has warned of a scam campaign involving letters that appear to be sent from the BianLian ransomware gang.
At this time, the FBI does not know who is behind the letter-writing campaign but is aware that the letters contain a return address based in a major US capital, Boston.
The letters are marked “Time Sensitive Read Immediately”, claim that the BianLian group has access to the addressee’s network, include a QR code linked to a bitcoin wallet, and demand a ransom of between US$250,000 and US$500,000.
“FBI assesses the letters are an attempt to scam organisations into paying a ransom,” the FBI said in a 6 March advisory.
“We have not yet identified any connections between the senders and the widely-publicised BianLian ransomware and data extortion group.”
Cyber security firm Arctic Wolf has been tracking the campaign, and so far at least 20 organisations have been targeted, with the majority being in the healthcare sector.
“Over 75 per cent of known organisations that have received these letters were within the healthcare industry,” said Arctic Wolf’s chief information security officer, Adam Marré, himself an FBI special agent.
“All healthcare organisations have the same ransom amount of $350k.”
However, Marré does note this is simply what Arctic Wolf has observed, and the actual percentage may be skewed.
Nonetheless, this appears to be a novel campaign.
“We are not aware of known ransomware groups using physical mail to extort organisations. A tactic like this is pretty inefficient, having an individual mail letters to organisations one by one,” Marré said.
“It also presents a unique challenge – there isn’t any contact information for payment issues or correspondence.
“The return address routes the searcher to an office building, which doesn’t offer much for the victim to respond to.”
The letters are being sent to business addresses, to specific executives and, in some cases, to a home address.
Marré believes the apparent scam campaign proves that criminals will go to any length to make money.
“In this case, the threat actors are likely using BianLian’s namesake to add legitimacy to the extortion claims,” Marré said.
“That said, the limited cases we mentioned, where an executive received the notice to their home address, are particularly startling. Normally we see businesses targeted far more than individuals at the company, even if credential stealing was leveraged to gain access to the organisation.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.