Sextortion Scammers Sent Organizations Bomb Scare Emails Demanding Bitcoin

[cageymaru]

Sextortion scammers sent multiple organizations emails containing bomb threats yesterday. The perpetrators threatened to injure multitudes of people in the buildings where the emails were opened, if their demands for a $20,000 Bitcoin payment were not met. Previously these sextortion emails would threaten to dump acid on the victim, expose a dark secret, release an explicit video of them or physically beat them up. Cisco Talos says that none of the companies that were sent bomb scares paid the extortionists.

So far, all of the samples Talos has found to be associated with the bomb threat attack were sent from IP addresses belonging to the domain registrar and hosting company reg.ru, suggesting that the attackers in this case may have compromised credentials for domains that are hosted at this particular domain registrar. Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign. In those cases, the attackers sent out emails claiming to have compromising videos of the victim and will release them to the public unless the attacker receives a Bitcoin payment.

 

[RogueTadhg]

This is only mail because of it being with bitcoin?

 

[c3k]

Who falls for this stuff?

 

[pendragon1]

apparently it was all over north America. heres our local story:
http://www.msn.com/en-ca/news/newsp...merica-investigate-similar-reports/ar-BBQVl1k

 

[alxlwson]

My dad was at a place in northern Ohio for work yesterday and he was telling me they sheltered in place and then an hour and a half went by and a sheriff showed up with one dog. Cleared a million sqft building in 20 minutes, lol.

 

[lucidrenegade]

We had to evacuate our office and work from home the rest of the day today because of this shit.

 

[motqalden]

Who falls for this stuff?

These are a little different because they actually share some piece of your information that they shouldn't have like the password to the email account you got the message in. This makes the recipient alot more likely to believe they have been compromised since technically they have, but not to the extent that the message claims. At my work i got 2 calls from people who got these emails and the message came from their email address (spoofed) but it had their password for some account they had been using at some point, so understandably they were concerned.

Edit: I'm talking more about the sextortion variation of this attack

 

[Galvin]

Stuff like this works. Cause we're scared shitless since 9/11

 

[NeoNemesis]

What the fuck is tronitrotoluene?

 

[alxlwson]

What the fuck is tronitrotoluene?

Trinitrotoluene is TNT, in case you were being serious

 

[Probleminfected]

should have asked for monero, btc is easily tracked.

 

[THRESHIN]

i figured they would have asked for something valuable.

 

[Eickst]

Unfortunately there are a couple issues here as to why this was 'successful' in causing evacuations.

1) Total lack of any kind of security awareness of the people receiving these emails. They don't realize it's fake, they see 'bomb threat' and react accordingly

2) Litigious society - Most companies are absolutely terrified of being held liable, if they received this email and didn't evacuate and something actually happened, they'd be on the hook for untold amounts of damages

Most cyber security aware individuals could read this and know it was fake in one pass over its contents. The grammatical errors, asking for bitcoin, etc., are all red flags to its credibility.

 

[haste.]

Seems more like a trial/test run to gauge success rate or political and or commercial impact. Too widespread and random...

 

[viscountalpha]

Seems more like a trial/test run to gauge success rate or political and or commercial impact. Too widespread and random...

I'd second this. My worry is someone might pull a inverted Boy who cried wolf and eventually it does turn out to have an explosive planted somewhere. However, given the sloppiness here, I doubt they would be capable of pulling off something as smart as that.

 

[lollerwaffle]

This is also successful because we are increasingly using "Zero Tolerance" policies where you shut off your brain and just look for keywords and then act without regard for consideration.

 

[Bearsahrk]

Someone at my place of business called the cops because of getting that email causing an evacuation of my building. Made me miss an important meeting. I should go break their shit.

 

[M76]

Stuff like this works. Cause we're hitless since 9/11

I thought people stopped using 9/11 as some bargaining chip or excuse 5 years ago.

No, it always was and is the same: Scam only works if there is someone to fall for it.

 

[Poseur]

Until they actually blow something up, they have no credibility. Until they actually show me a picture of me from "my webcam", they're junk mail. BUT, you'd think this would be the kind of thing the NSA could make themselves USEFUL with. If they claim they're in a foreign country, they're a legitimate target. If they claim they're domestic, they'd have to work with the FBI. Big deal.

 

[NeoNemesis]

Trinitrotoluene is TNT, in case you were being serious

Read the threat. They were threatening to detonate tronitrotoluene.

 

[alxlwson]

Read the threat. They were threatening to detonate tronitrotoluene.

Ohh lol

 

[RealBeast]

We had to evacuate our office and work from home the rest of the day today because of this shit.

Nice, hopefully paid time off.

 

[haste.]

I'd second this. My worry is someone might pull a inverted Boy who cried wolf and eventually it does turn out to have an explosive planted somewhere. However, given the sloppiness here, I doubt they would be capable of pulling off something as smart as that.

That's the concern. This was incredibly sloppy, but anytime I read articles like this I always feel like it's an RSE test run. We often underestimate these players especially if it's a state player.