Bomb Threat Bitcoin Demands Cause Disruption, Evacuations | Threatpost | The first stop for security news

What looks to be an alarming email scam is making the rounds, with extortionists asking for Bitcoin payment in return for not detonating a set of bombs. Multiple law-enforcement agencies in cities across the U.S. responded to calls from recipients on Thursday, concluding that the threats are not credible.

One worker in San Francisco tweeted a picture of the bomb threat email, noting that it demands $20,000 by the end of tomorrow, or his place of work will be blown up.

So I actually just got a bomb threat in my work email today ordering me to send the person $20,000 via bitcoin or they will blow up my place of work…. 2018 is wild pic.twitter.com/sn0vVLwe6v

— Ryanocerous Grant (@TheeRyanGrant) December 13, 2018

The messages have been sent to banks, courthouses, schools and businesses throughout the day, disrupting operations for recipients and spreading concern among consumers. One Twitter user reported, “LA-based Call of Duty developer Infinity Ward was evacuated today after a bomb threat, part of what appears to be a wave of Bitcoin ransom demands.”

Brian Krebs also reported that his bank contacts were seeing a fair amount of disruption in the wake of the messages being sent.

Officials from Washington D.C. to Cedar Rapids (and a handful of Canadian cities, including Toronto and Vancouver) reported street closures, evacuations and thorough police investigations.

Oddly, the emails contain a legal disclaimer saying that the sender does not accept liability for any other acts of terrorism.

The good news is that the situation seems to be all threat and no reality. The NYPD tweeted out that: “While this email has been sent to numerous locations, searches have been conducted and NO DEVICES have been found.”

The FBI issued a statement late Thursday, noting that it was “aware of the recent bomb threats made in cities around the country, and we remain in touch with our law-enforcement partners to provide assistance. As always, we encourage the public to remain vigilant and to promptly report suspicious activities which could represent a threat to public safety.”

Troy Gill at AppRiver said that it seems to be a copycat technique of the widespread sextortion campaign going around – only with higher purported consequences. He too noted that it’s likely just a hoax.

“We have seen similar type threats made over the years, and none have come to pass so we can say with a high degree of certainty that these are based in fiction and are merely a desperate money grab,” he noted in a posting on Thursday.

He also analyzed the campaign and found that the messages “appear to be emanating from Moscow and the poor wording does fit with someone that is not a native English speaker, although these could always be false flags.”

Mukul Kumar, CISO and vice president of Cyber Practice at Cavirin, noted that this could also be seen as an example of poor user awareness and spam filtering.

“This is yet another example which calls out the need for organizations to conduct regular training of their employees as to the various threats,” he told Threatpost. “Enterprises conduct regular fire drills. Potential disruption from what is obviously a false threat is just as real. And, one of the risks here is if there had been links in the email that an employee could inadvertently click out of panic or confusion. Email filters would help here, not to mention blocking the source domain of the sender.”