[German]The US authority CISA has issued a warning because criminals posing as the "BianLian Group" have launched an extortion campaign. The criminals are sending blackmail letters to company executives and threatening to pass on sensitive information if they do not pay. Here are a few details about this warning.
Advertising
The Cybersecurity and Infrastructure Security Agency (CISA) is a federal agency of the United States that specializes in the security of information technology and critical infrastructure. In the following post, I became aware of the current warning about blackmail by the BianLian Group on March 6, 2025.
In the article FBI Warns of Data Extortion Scam Targeting Corporate Executives, CISA passes on a warning from the FBI about extortion. According to the article, the Internet Crime Complaint Center (IC3) of the Federal Bureau of Investigation (FBI) has published a warning. A scam campaign is underway involving criminal actors posing as the "BianLian Group".
The cyber criminals are targeting company executives. They send them blackmail letters in which they threaten to release the victims' confidential data if no payment is made. CISA refers to the FBI document Mail Scam Targeting Corporate Executives Claims Ties to Ransomware with details. The letters, stamped "Time Sensitive Read Immediately" and sent to corporate executives, claim that the "BianLian Group" has gained access to the company's network and stolen thousands of sensitive data.
The letter then threatens that the victim's data will be published on BianLian's data leak pages if the recipients do not use an attached QR code linked to a Bitcoin wallet within ten days of receiving the letter. The extortion letters demand between 250,000 and 500,000 US dollars as payment. The group claims that it will not negotiate further with the victims.
Advertising
According to the FBI, the letters are an attempt to persuade organizations to pay a ransom. The letter contains a US-based sender address for the "BianLian Group" from Boston, Massachusetts. However, the FBI has not yet established any links between the senders and the known BianLian ransomware group. They are therefore likely to be free riders.
I have no idea whether there are similar cases in Germany. The FBI recommends informing company management and the organization about the attempted scam to make them aware. It should also be ensured that employees are informed about what to do if they receive a ransomware threat.
Anyone who receives one of these letters in the company should ensure that the network protection in the company's IT is up to date and that there are no active warnings about malicious activity. Ultimately, however, administrators and security managers would have to check this. However, the advice is not to respond to such blackmail attempts.
Advertising
