Dear Customer,

We are sharing information with you of a recent mail scam targeting corporate executives with claims tied to ransomware. Nationally, multiple companies have received letters stating that their corporate networks have been compromised and sensitive data, including customer and employee information, has been stolen. The letters include a demand for a cryptocurrency ransom, with a 10-day deadline to prevent the data from being leaked online. A Public Service Announcement from the FBI can be found at: Internet Crime Complaint Center (IC3) | Mail Scam Targeting Corporate Executives Claims Ties to Ransomware.


WHAT TO KNOW:

  • These threats follow a pattern seen in ransomware attacks, where cybercriminals not only encrypt data but also steal it to extort payment. However, the letters in question have unique characteristics: they claim that the senders no longer negotiate with victims, and they are well-written with minimal grammatical errors. The amounts demanded range from $150,000 to $500,000.
  • The letters are also personalized based on the recipient’s industry. For example, a healthcare CEO may receive a letter warning about patient data theft, while a product maker CEO may be warned about breached customer orders and employee data.
  • According to multiple examples discovered by researchers, they were sent through the US Postal Service. The envelopes containing the letters are stamped with the words “TIME SENSITIVE READ IMMEDIATELY” and have the following return address listed:

    BianLian Group
    24 Federal St, Suite 100
    Boston, MA, 02110

  • Included in the letter is a QR code containing the Bitcoin wallet address the group is using to collect payments.


WHAT TO DO:

  • We advise all recipients of such letters to notify their IT or security teams immediately for a thorough investigation. It is crucial to verify the security of your business and take appropriate measures to protect your data. 
  • Report the letters you received to local law enforcement by filing a complaint through the Internet Crime Complaint Center (IC3). This process ensures that your report is properly routed to the appropriate FBI field office for further investigation. The FBI is actively monitoring this campaign and is aware of its ongoing activity. 
  • Share information with employees and executives to increase awareness so they can quickly recognize and report a potential incident.


Thank you for your attention to this important matter.

Sincerely,

Northfield Savings Bank