Ransomware is a major threat to every industry. In recent years, hackers have increasingly targeted companies with ransomware, locking their data unless a ransom is paid. In some cases, they also threaten to leak the stolen data online if the company refuses to comply, as seen in the UnitedHealth breach, where hackers reportedly demanded $22 million. However, ransomware attacks are not limited to companies. According to the latest FBI warning, they also target employees, particularly corporate executives. The agency cautions that cybercriminals are sending extortion letters, threatening to release victims’ sensitive information unless a ransom is paid.
What you need to know
The FBI is warning businesses, particularly those in the healthcare sector, about a scam involving physical ransom letters sent via the U.S. Postal Service. These letters, falsely claiming to be from the ransomware group BianLian, demand Bitcoin payments ranging from $150,000 to $500,000 in exchange for not leaking supposedly stolen data.
Marked with “TIME SENSITIVE READ IMMEDIATELY,” the letters allege that the attackers gained access through social engineering and exfiltrated sensitive files. However, no proof is provided, and investigations have found no signs of actual ransomware intrusions in affected organizations. The letters appear to be templated, with only minor variations, and include a QR code linked to a Bitcoin wallet. Some also feature a compromised password, likely to make the threat seem more credible.
Sent from Boston, Massachusetts, with U.S. flag stamps, these letters differ significantly in tone and wording from known BianLian communications. Authorities believe this is a fear-based scam designed to trick organizations into paying a ransom for a breach that never happened.
DATA REMOVAL DOES WHAT VPNS DON’T: HERE’S WHY YOU NEED BOTH
Healthcare industry needs to work on cybersecurity
Ransomware is hitting healthcare harder than ever. It is now the third most targeted industry after finance and manufacturing, with attacks rising more than 32% from 2023 to 2024. These attacks do not just put data at risk. They also disrupt hospitals, slow down care, and create chaos for doctors and patients.
The Ascension cyberattack in May 2024 is a clear example. Hackers locked medical staff out of critical systems, shut down phone lines, and blocked tools needed for tests, procedures, and medications. At first, the breach was reported with an estimated 500 affected individuals, but by December, that number had jumped to nearly 5.6 million.
UnitedHealth’s Change Healthcare unit experienced a massive data breach in February 2024 that further highlighted the vulnerability of the sector. Initially reported to impact around 100 million people, the number later grew to 190 million, making it the largest medical data breach in U.S. history.
This breach affected nearly half of the country’s population. UnitedHealth attributed the attack to ALPHV/BlackCat, a Russian-speaking ransomware group that later claimed responsibility for the attack before being dismantled by law enforcement.
HUGE HEALTHCARE DATA BREACH EXPOSES OVER 1 MILLION AMERICANS’ SENSITIVE INFORMATION
7 ways to avoid ransomware attacks (and fake ransomware scams)
1) Install strong antivirus software and regularly update software: The first line of defense against ransomware is ensuring that your systems are equipped with the latest security tools. Keep all software and devices up-to-date to avoid vulnerabilities that hackers can exploit. Install firewalls, strong antivirus software, and intrusion detection systems to block malicious activities before they can cause harm. Regularly patch operating systems and applications to stay ahead of cybercriminals. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Watch the latest episode of The CyberGuy Report.
Missed this event? Sign up via the registration form and see our live recording.
See Kurt’s Prime Day picks for useful gadgets, practical upgrades and everyday tech while the deals last.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
2) Implement strong password policies and use a password manager: Ensure all passwords are unique, at least 15 characters long, and include a mix of uppercase and lowercase letters, numbers, and symbols. Also, consider using a password manager to generate and store complex passwords securely. This reduces the risk of password reuse and weak passwords, which are common entry points for ransomware attacks. One of the best password managers out there is NordPass. It is secure, user-friendly, and uses zero-knowledge and military-grade XChaCha20 encryption to protect your data. It supports Windows, macOS, Linux, Android, iOS, and major browsers while offering unlimited password storage, secure sharing, password health reports, data breach monitoring, auto-fill, and emergency access.
Get more details about my best expert-reviewed Password Managers of 2025 here.
3) Educate and train employees on cybersecurity awareness: Many ransomware attacks start with phishing emails or social engineering tactics. As seen in the scam targeting executives, attackers often use fear-based tactics to manipulate victims into acting quickly. Train your employees, particularly high-level executives, to recognize suspicious emails, fraudulent requests, and phishing attempts.
4) Backup data and maintain a secure recovery plan: Data backups are a critical safeguard against ransomware. Regularly back up critical data to secure, offline locations that ransomware cannot access. Testing your recovery plans frequently ensures that if an attack does occur, you can recover quickly with minimal impact on operations. In addition, consider using a cloud service with encryption to ensure that even if an attack happens, the backup remains safe.
5) Utilize two-factor authentication (2FA): Two-factor authentication is an essential security measure that adds an extra layer of protection to sensitive systems and data. With 2FA, even if attackers manage to obtain login credentials, they won’t be able to access critical systems without the second factor of authentication, whether it’s a code sent to a phone or biometric verification.
6) Verify threats before taking action: If you receive a ransom demand (digital or physical), investigate its legitimacy. Scams often lack proof of data breaches or network compromise. Consult cybersecurity experts or law enforcement before responding
7) Report suspicious activity: Notify law enforcement or organizations like the FBI’s Internet Crime Complaint Center (IC3) if you encounter scams or ransomware threats. Reporting helps authorities track and mitigate these activities.
FBI WARNS OF DANGEROUS NEW ‘SMISHING’ SCAM TARGETING YOUR PHONE
Kurt’s key takeaway
Healthcare is seriously lagging when it comes to cybersecurity. It’s crazy that so many health institutions don’t have a CISO or a dedicated security team. Instead, the IT department, which isn’t always trained in cybersecurity, gets stuck trying to handle it all. With so much sensitive data at risk, it’s shocking that so many healthcare organizations still treat cybersecurity as an afterthought. Cyberattacks are only going to get worse, and unless the industry steps up its game, it’s just a matter of time before more hospitals, clinics, and health systems get hit. It’s time to take security seriously.
Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
1 comment
I am so sick and tired of these companies being so reactive and not proactive. They’re afraid to spend the money to protect their clients and customer’s precious information and sensitive information so it turns out that if they get hacked which more than likely eventually they will they end up spending even more and all that customers information is now out there in the dark web.