In late February, healthcare organizations across the US started receiving extortion demands by mail claiming that their organization’s data had been stolen in a ransomware attack and giving them 10 days to respond.
According to the letters, printed on paper and delivered in envelopes purporting to be from the BianLian ransomware group, the data would be leaked unless the organization paid a ransom of between $250,000 to $350,000 in Bitcoin.
Now for the good news: the breaches never happened, and the letters are almost certainly fake. Two security vendors that have studied the letters, Arctic Wolf and Guidepoint Security, now believe that the whole letter-writing campaign is a ruse by someone pretending to be BianLian, one of the ransomware industry’s up-and-coming threat groups.