Spammers have sent a wave of threats to businesses, schools, and other locations, demanding bitcoin in exchange for not detonating a supposed bomb. There’s no evidence of any actual explosives being placed or detonated, but it’s still caused numerous evacuations and law enforcement investigations, and police are investigating potential threats, asking victims to exercise caution.
Several examples of the email threat have been posted online. A typical example, printed by the Cedar Rapids Police Department in Iowa, carries the subject line “Do not waste your time.” Its sender warns that a man has carried an explosive device into “the building where your business is conducted.” (The explosive material appears to vary across messages.)
The sender demands $20,000 in bitcoin by the end of the day, claiming the “recruited person” will detonate the bomb if he sees any police activity or unusual behavior. “Nothing personal this is just a business,” the email continues. “If the explosive device detonates and the authorities see this letter: We are not terrorists and dont [sic] assume any liability for explosions in other places.” The messages include a bitcoin wallet address; it’s not yet clear how many people — if any — have actually paid a ransom.
MSP and partner agencies on federal and local levels are conducting risk assessment procedures regarding the threats and will determine appropriate responses. NO indications of any explosives located or detonated to this point. We will continue to communicate info when available. https://t.co/fPXhNy2vPF
— Mass State Police (@MassStatePolice) December 13, 2018
We’re working a number of bomb threat calls in OKC. There have been similar threats called into several locations around the country. No credible threat found at this point. We encourage the public to continue to be vigilant and call with anything suspicious.
— Oklahoma City Police (@OKCPD) December 13, 2018
The bitcoin wallet where the ransom money is to be sent varies between messages. (The Verge was able to confirm at least three distinct wallets.) Creating a separate wallet for each target is a common tactic for ransomware scams, allowing criminals to verify which targets have paid up. Other variations in the messages are harder to explain. Most of the threats name a specific explosive, but the explosive varies between messages. Common choices include tetryl, tronitrotoluane [sic], and hexigen.
We still don’t know exactly how far this email has spread, but police departments across the US have posted about the threats. At least one threat was noted in the UK, and a Toronto subway station was shut down because of a threat, although it’s not immediately clear whether it’s related. “They’re coming in really fast. I have no idea how many reports our folks have taken,” a Cedar Rapids Police Department spokesperson tells The Verge. The spokesperson was not aware of anyone having transferred money to the addresses.
The New York Police Department posted an advisory online about the emails, saying it was “currently monitoring multiple bomb threats.” It noted that similar threats had been reported across the country, saying that they “are NOT considered credible at this time.” The Oklahoma City Police tweeted that “no credible threat found at this point,” but said that “we encourage the public to continue to be vigilant and call with anything suspicious.”
Today’s wave of emails is similar to — but more overtly threatening than — another widespread ransom scam earlier this year. In that case, scammers sent an email claiming that they had recorded webcam footage of targets watching online porn. A number of people seem to have actually paid the ransom demands in those messages, although that doesn’t necessarily mean the same will happen here.
In a statement, the Federal Bureau of Investigation said that “we are aware of recent bomb threats made in cities around the country, and we remain in touch with our law enforcement partners to provide assistance. As always, we encourage the public to remain vigilant and to promptly report suspicious activities which could represent a threat to public safety.”