The FBI periodically releases warnings and bulletins regarding popular scams that impact businesses and consumers. Their March 6 brief highlighted a scam rooted in cyberspace, but attacking victims through the postal service.
Victims in this scheme are generally corporate executives. They receive a letter at their physical address warning them that their business has been the victim of ransomware. The letter includes a QR code with instructions on paying the ransom via Bitcoin.
In all of the cases examined by cyber security experts, none of the companies were actually the victims of ransomware. Some of the letters did include a password that the executive used at some point, as “proof” that their account or data had been accessed, or included specific details about software platforms used within their corporation. The letters may indicate that the business was part of an earlier breach or compromise.
What You Should Do
Please make sure that your team is aware of this threat, so that if you receive similar communications you can respond calmly. If you or someone at your business or organization receives a letter like this:
- Review the FBI release for links to report the scam
- Evaluate the letter and your network/data for signs of malicious activity
- Review your team’s security plans and reinforce awareness
- Ensure everyone knows the proper steps to respond to potential threats
Take this opportunity to review your organization’s incident response plan. If you need help evaluating your security posture, contact our team.