Bomb Threat Extortion Emails

Posted on December 14th, 2018

We have been bombarded with email extortion lately. Recently, most of us received an email containing an old password and a threat to expose our internet search history unless we pay a hefty ransom via Bitcoin. We know these are hoaxes. Today, my inbox was full of people asking me about a specific message received at their business. While most of these messages were similar, some had minor wording differences. Here is a redacted example:

Hello.  My man has hidden the explosive device (Tetryl) in the building where your business is conducted. My recruited person built the bomb according to my guide. It can be hidden anywhere because of its small size, it can not damage the structure of the building, but there will be many wounded people if it explodes.

My mercenary is watching the situation around the building. If he sees any unusual behavior or emergency he will blow up the device.

I can withdraw my recruited person if you pay. 20’000 usd is the price for your life. Pay it to me in BTC and I guarantee that I have to call off my recruited person and the bomb will not detonate. But do not try to fool me- my warranty will become valid only after 3 confirms in blockchain network.

It is my BTC address – REDACTED

You have to send money by the end of the working day. If you are late with the payment the bomb will explode.
Nothing personal this is just a business, if you don’t send me the money and the bomb detonates, next time other companies will send me more money, because this isnt a one-time action.
 I will not visit this email account. I monitor my Bitcoin address every 35 min and after receiving the payment I will order my person to leave your district.

If a bomb detonates and the authorities read this email:
We are not terrorists and do not take liability for explosions in other places.

This scam seems to be hitting everything from small businesses to large corporations to government buildings and hospitals. Please spread the word that these are hoaxes, and to always do a bit of research before taking extreme action. I always encourage people to take a small unique sentence from these emails and search it within quotes. It will almost always reveal other sources. In this incident, the wave hit very quickly and online evidence was not present at the peak of the threats. At this time, I am monitoring a handful of BTC addresses, but so far no payments have been made to them (thankfully).

Here are a few articles that hit on “can withdraw my recruited person if you pay”:”can+withdraw+my+recruited+person+if+you+pay”

The “From” email addresses all appear to be either spoofed or hijacked accounts. In this scam, a return email is not necessary, so any address could be used. Unfortunately, I think we will see much more of this.


Filed under Security |


Recent Posts