Criminal actors masquerading as BianLian Group send extortion letters to corporate executives; FBI issues an alert announcement

Online scams are not something new or unknown to us. Over the years many protective measures have been announced and taken to avoid these scams and frauds. But as people have become more and more aware of these fraudulent activities, the fraudsters also come up with new ways and techniques to fool people.

Well, today CISA (Cybersecurity & Infrastructure Security Agency) has warned about another ongoing scam where criminals are posing as “BianLian Group” are sending extortion letters to corporate executives, threatening to leak sensitive info unless paid.

🚨 Urgent Alert: Criminals posing as "BianLian Group" are sending extortion letters to corporate execs, threatening to leak sensitive info unless paid. Report incidents to CISA at Report@cisa.gov. Review our alert for more 👉 https://t.co/RfiPZqff48 #Cybersecurity pic.twitter.com/Hwn7buUGdm

— CISA Cyber (@CISACyber) March 6, 2025

Federal Bureau of Investigation (FBI)  Internet Crime Complaint Center (IC3) has also released an alert warning of this particular scam.

As per the announcement, the scam involves letters delivered in the mail from unidentified criminal actors to corporate executives, claiming to have come from a ransomware group. The letter was stamped “Time Sensitive Read Immediately”, and claims the “BianLian Group” gained access to the organization’s network and stole thousands of sensitive data files. The letter then goes on to threaten that the victim’s data will be published to BianLian’s data leak sites if recipients do not use an included QR code linked to a Bitcoin wallet to pay between $250,000 and $500,000 within 10 days from receipt of the letter, claiming the group will not negotiate further with victims.

According to the FBI, the letters are an attempt to scam organizations into paying a ransom. Though the letter contains the return address of BianLian Group, the FBI has yet not found any connection between the senders and the widely publicized BianLian ransomware and data extortion group.

FBI recommends individuals take the following precautions:

• Notify corporate executives and the organization of the scam for awareness.
• Ensure employees are educated on what to do if they receive a ransom threat.
• If you or your organization receive one of these letters, ensure your network defenses are up to date and that there are no active alerts regarding malicious activity.
• If you discover you are a victim of BianLian ransomware, please visit our Joint Cybersecurity Awareness Bulletin for recent tactics, techniques, procedures, and indicators of compromise to help organizations protect against ransomware.

FBI requests victims report any incident to their local FBI Field Office or the Internet Crime Complaint Center (IC3).  Organizations are also asked to report such incidents and anomalous activity to CISA’s 24/7 Operation Center at Report@cisa.gov or (888) 282-0870.