An unexpected Christmas gift from cyber thieves, their latest scam includes a nationwide wave of emails threatening to explode a bomb in the building unless a large bitcoin payment is made. The first wave of emails was sent out on December 13th to government agencies, schools and private organizations in America and Canada.
The email said that the hacker’s “recruited mercenary” had planted a bomb in their building and that it would be detonated unless a payment of $20,000 in bitcoin was received right away.
Similar in Nature to Sextortion Scams
The emails were first discovered and investigated by AppRiver researchers. They stated that these emails are in the same class as sextortion scams. In this type of scam, the hacker claims to have an embarrassing video of the recipient that will be posted online unless payment is received.
In some cases, local authorities were called in to search the premises of recipients and no bombs were discovered. The authorities have said that this is not a credible threat. The hackers are just throwing whatever they can at the wall to see if anything will stick.
AppRiver researchers say that this particular scam was not very well thought out. They claim that the thieves have not done much social engineering or even hacking. They’ve quietly put together a threatening email and sent it out to companies and agencies all across the U.S. and Canada.
Not a Very Sophisticated Attack
Paul Bischoff, a privacy advocate with Comparitech.com commented, saying, “This spam campaign is pure extortion, plain and simple. It’s not very advanced and doesn’t require much social engineering or any hacking whatsoever. It seems very poorly thought out if the aim was actually to make someone pay up. Even though bomb threats are scary, this is amateur scamming.”
For most Americans, bomb threats are frightening and people feel they should be taken seriously. Though the local police and FBI have completed numerous evacuations and searches, they have not turned up anything that could harm anyone in any of buildings that have been searched. At this time, some sources are saying that one set of the emails originated in Russia. Historically speaking, many phishing and ransomware scams do originate in communist countries like North Korea, China and Russia.
Several versions of the email are making the rounds online, threatening the use of different types of explosives. The criminals also include cryptocurrency payment information using various “wallets” where recipients should send their bitcoin payment. Authorities claim that using various wallets is a “common tactic” that cyber thieves often use in ransomware situations. This allows the crooks to keep tabs on who has paid and who hasn’t.
From New York City and Las Vegas to Columbus, Ohio, the police are monitoring the situation very closely. They are investigating these threats in spite of the fact that most experts don’t believe these are credible threats.
Other Countries Also Threatened
Similar threats were sent out to courthouses, newspapers and universities in New Zealand, Canada and Australia. The authorities in those countries are proceeding pretty much the same as American authorities. They are investigating the threats and evacuating buildings where it’s felt necessary, but so far, no bombs have been found.
Some experts believe that this may be a test by cybercriminals to see what type of resources various law enforcement agencies have to gauge the response on future extortion attempts. Another theory is that the criminals are trying to expend law enforcement resources so that they’re more vulnerable in the second wave of attacks.
A Terrible Idea
Many security analysts are claiming that this email scam was a “terrible idea” because now law enforcement agencies will work much harder to locate the criminals and put them in jail for making false bomb threats, which is a federal crime in the U.S.
Business Insider is reporting that the value of bitcoins has dropped 6 percent since the hoax began. The cost is now hovering around $3,300 per coin.
Authorities around the world are monitoring this situation and most have agreed to join in with the search and apprehension of these cyber crooks.
In the meantime, stay up-to-date on what’s happening in the world of information technology and how it can impact your business. Visit our Blog. Here are a few examples of what you’ll find.