CISA, FBI warn of BianLian mail scam targeting executives with $500k ransom note | The Record from Recorded Future News

A spokesperson for the company told Recorded Future News that Arctic Wolf is aware of at least 20 organizations or executives who have received these letters. The letters have a return address based in Boston, Massachusetts and the FBI said it is still unclear whether there is any actual connection between the people behind the letters and the BianLian ransomware gang.

In an alert on Thursday, the FBI said scammers are mailing letters to corporate executives claiming that they stole sensitive data and will publish it unless a demand is paid in Bitcoin. The Russia-based BianLian ransomware gang is known for attacks on charities like Save The Children as well as healthcare firms like Boston Children’s Health Physicians and Amherstburg Family Health Team.

“In at least two letters, the threat actor included a compromised password within the How did this happen? section, almost certainly in an attempt to add legitimacy to their claim,” the cybersecurity experts said.

Federal law enforcement agencies are warning business executives of a new scam involving criminals using the name of a prominent Russian ransomware gang to extort companies. BleepingComputer first reported on the incident, sharing a photo of the alleged letters sent through the U.S. Postal Service in Boston on February 25.

“These letters did not provide a means to contact the threat actor for negotiations, which is often a central piece of any extortion note,” the researchers said. All of the letters reviewed by Arctic Wolf had nearly identical language and demanded ransoms between $150,000 and $500,000. The FBI said it believes the letters are an attempt to force organizations into paying a ransom. The letters also differed greatly from the ransom notes the gang typically leaves on victim networks. “All organizations that received the ransom letter had no activity indicative of a ransomware intrusion.

Experts at a website called SuspectFile claimed they spoke to alleged BianLian ransomware actors who denied any involvement in the mail campaign. “Stamped ‘Time Sensitive Read Immediately,’ the letter claims the ‘BianLian Group’ gained access into the organization’s network and stole thousands of sensitive data files,” the FBI said. The letters had QR codes to Bitcoin wallet addresses and demanded payment within 10 days.

This Cyber News was published on therecord.media. Publication date: Fri, 07 Mar 2025 01:20:06 +0000

