Cybercriminals go old school with snail mail ransomware scheme

March 7, 2025



Fraudsters have a new — errr — old tactic to scam targets into paying out ransoms.

The FBI, via the Cybersecurity and Infrastructure Security Agency (CISA), issued an alert over an ongoing scam operation that targets C-suite executives in hopes of getting a ransomware payout.

The threat actors claim to be affiliated with the BianLian ransomware group, though that claim seems more than a little dubious, given the nature of the operation. The targets are told that their network has been infected with ransomware and that, should they not pay up, customer data will be released to the public.

All of this is bog-standard ransomware extortion, so why would the FBI feel the need to issue an alert over this particular scam? The answer lies in the method of delivery.

Unlike virtually every other ransomware attack, where notification arrives either via email or via a system alert on the infected machines, the operators of this attack have been delivering the notices as written letters sent through the U.S. Postal Service.

According to the FBI, the letters are specifically addressed to high-level executives, usually C-suite. The envelopes are marked as “Time Sensitive Read Immediately” and originate from an address in Boston.

The letters themselves notify the target that their data has been stolen and that, should they not pay the ransom demand (anywhere from $250,000 to $500,000) within the next 10 days, that data will be released to the public. The letter also includes a QR code that links to a Bitcoin wallet controlled by the hackers.

The FBI did not say whether there have been any confirmed data breaches or successful payouts from the extortion campaign.

Despite the scammers linking themselves to the BianLian outfit — which is believed to be based in Russia — even going so far as to put “BianLian Group” in the return address of the demand letters, there is not much to tie this campaign to the extortionware operation.

“We have not yet identified any connections between the senders and the widely publicized BianLian ransomware and data extortion group,” the FBI said in its notice.

While targeting of high-level executives (aka “whaling”) is nothing new for cybercrooks, the use of snail mail as the means of notification is a new twist that pairs the common extortion scam with an age-old delivery method. It is possible that the attackers believe a printed letter will be seen as more official and thus more likely to convince the targets to pay up.

The feds advised administrators and senior executives to be on the lookout for the dodgy letters and, should they receive one, to immediately notify the security team so it can perform a full scan and review for any signs of infection or suspicious activity.

Additionally, companies are advised to review CISA’s Awareness Bulletin on BianLian and check for the indicators of compromise for the malware infection. The FBI is also asking any organizations that receive the letter to report the matter to their local FBI field office.


