Bitcoin Wallet Addresses in the Fake Letter
A new fraud scheme has emerged in the United States, where criminals are distributing counterfeit ransom letters by mail, falsely claiming to represent the cybercriminal group BianLian.
The envelopes are marked with the sender’s name, “BIANLIAN GROUP,” and list a return address leading to an office building in Boston, Massachusetts. These letters, addressed to corporate executives, are labeled “Urgent – Read Immediately.” Postal markings indicate that the mailings were dispatched on February 25, 2025, from a Boston post office.
The content of the letters is tailored to the recipient’s industry. Healthcare organizations receive threats alleging the theft of patient and employee data, while businesses handling customer transactions are warned of impending leaks of client information. The letters claim that cybercriminals have infiltrated corporate systems and exfiltrated confidential documents, including financial reports, tax records, and employee personal data.
Unlike the real ransom demands typically associated with BianLian, these fraudulent letters assert that negotiations with victims are no longer an option and impose a strict 10-day deadline for ransom payment in Bitcoin. Each letter contains a QR code and a Bitcoin wallet address, demanding sums ranging from $250,000 to $500,000. For healthcare organizations, the ransom is set at a fixed amount of $350,000.
Some of the letters include genuine leaked passwords in an attempt to make the threats appear more credible. However, cybersecurity experts have found no evidence linking these letters to actual cyberattacks. According to specialists at GuidePoint Security, these letters are not affiliated with the BianLian group and are merely a scare tactic designed to pressure corporate executives into making ransom payments.
Although these letters do not pose an immediate cybersecurity threat, IT and security teams should alert executives about this emerging fraud scheme. This scam represents an evolution of previously common email-based fraud tactics, now repurposed for direct targeting of high-level corporate leaders. The legitimate BianLian group has not issued any statements regarding the impersonation.
