Content, Breach

Bitcoin Scammers Threaten to Bomb Businesses, Schools in Global Extortion Plot

Bitcoin scammers are threatening to detonate bombs planted in schools, businesses and organizations worldwide if the potential victims refuse to pay a large ransom. The threats appear to be part of a coordinated mass mailing.

The bombs supposedly have been left at locations in English-speaking countries worldwide, prompting school closings and evacuations at organizations in the U.S., Canada and New Zealand. At this point, no incendiary devices have been detected or exploded. Some banks receiving the threats have been warned “not to call the police.”

In an advisory posted on Thursday, December 13, the National Cybersecurity and Communications Integration Center (NCCIC) said it is “aware of a worldwide email campaign targeting businesses and organizations with bomb threats. The emails claim that a device will detonate unless a ransom in Bitcoin is paid.” The government cautioned those receiving a bomb threat email not to contact the sender, not to pay the ransom and to report the incident to the Federal Bureau of Investigation (FBI).

In a statement similar in content to the NCCIC’s alert, the FBI said that “we are aware of recent bomb threats made in cities around the country, and we remain in touch with our law enforcement partners to provide assistance. As always, we encourage the public to remain vigilant and to promptly report suspicious activities which could represent a threat to public safety.”

The text of the email (via KrebsOnSecurity):

My man carried a bomb (Hexogen) into the building where your company is located. It is constructed under my direction. It can be hidden anywhere because of its small size, it is not able to damage the supporting building structure, but in the case of its detonation you will get many victims.

My mercenary keeps the building under the control. If he notices any unusual behavior or emergency he will blow up the bomb.

I can withdraw my mercenary if you pay. You pay me 20.000 $ in Bitcoin and the bomb will not explode, but don’t try to cheat -I warrant you that I will withdraw my mercenary only after 3 confirmations in blockchain network.

Here is my Bitcoin address : 1GHKDgQX7hqTM7mMmiiUvgihGMHtvNJqTv

You have to solve problems with the transfer by the end of the workday. If you are late with the money explosive will explode.

This is just a business, if you don’t send me the money and the explosive device detonates, other commercial enterprises will transfer me more money, because this isnt a one-time action.

I wont visit this email. I check my Bitcoin wallet every 35 min and after seeing the money I will order my recruited person to get away.

If the explosive device explodes and the authorities notice this letter:
We are not terrorists and dont assume any responsibility for explosions in other buildings.

The threats are not to be easily dismissed, said security expert Brian Krebs, writing in a blog post. “I could see this spam campaign being extremely disruptive in the short run. There is little doubt that some businesses receiving this extortion email will treat it as a credible threat,” he said.

A number of  law enforcement authorities have confirmed online that they’re investigating the threats, including police in Massachusetts, Suffolk County, Long Island, NY, Oklahoma and Illinois along with agencies in Manitoba, Winnipeg and Ottawa. In one example, the New York City Police Department posted: “At this time, it appears that these threats are meant to cause disruption and/or obtain money. We’ll respond to each call regarding these emails to conduct a search but we wanted to share this information so the credibility of these threats can be assessed as likely NOT CREDIBLE.”

New Zealand’s cybersecurity agency CERT also posted an advisory about the threats. “While this is likely to be an opportunistic scam, New Zealand Police are treating this as a real threat until confirmed otherwise,” the alert said. (via the Verge)

This is a developing story. Check MSSP Alert for updates.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.