FBI warns about new extortion scam targeting sensitive data

However, ransomware attacks are not limited to companies. 

The agency cautions that cybercriminals are sending extortion letters, threatening to release victims' sensitive information unless a ransom is paid.

Marked with "TIME SENSITIVE READ IMMEDIATELY," the letters allege that the attackers gained access through social engineering and exfiltrated sensitive files. However, no proof is provided, and investigations have found no signs of actual ransomware intrusions in affected organizations. The letters appear to be templated, with only minor variations, and include a QR code linked to a Bitcoin wallet. Some also feature a compromised password, likely to make the threat seem more credible.

This breach affected nearly half of the country's population. UnitedHealth attributed the attack to ALPHV/BlackCat, a Russian-speaking ransomware group that later claimed responsibility for the attack before being dismantled by law enforcement.

3. Educate and train employees on cybersecurity awareness: Many ransomware attacks start with phishing emails or social engineering tactics. As seen in the scam targeting executives, attackers often use fear-based tactics to manipulate victims into acting quickly. Train your employees, particularly high-level executives, to recognize suspicious emails, fraudulent requests and phishing attempts.

4. Backup data and maintain a secure recovery plan: Data backups are a critical safeguard against ransomware. Regularly back up critical data to secure, offline locations that ransomware cannot access. Testing your recovery plans frequently ensures that if an attack does occur, you can recover quickly with minimal impact on operations. In addition, consider using a cloud service with encryption to ensure that even if an attack happens, the backup remains safe.

6. Verify threats before taking action: If you receive a ransom demand (digital or physical), investigate its legitimacy. Scams often lack proof of data breaches or network compromise. Consult cybersecurity experts or law enforcement before responding.

7. Report suspicious activity: Notify law enforcement or organizations like the FBI's Internet Crime Complaint Center if you encounter scams or ransomware threats. Reporting helps authorities track and mitigate these activities.

Healthcare is seriously lagging when it comes to cybersecurity. It's crazy that so many health institutions don't have a CISO or a dedicated security team. Instead, the IT department, which isn't always trained in cybersecurity, gets stuck trying to handle it all. With so much sensitive data at risk, it's shocking that so many healthcare organizations still treat cybersecurity as an afterthought.

Cyberattacks are only going to get worse, and unless the industry steps up its game, it's just a matter of time before more hospitals, clinics and health systems get hit. It's time to take security seriously.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.