Give Us $20,000 Or We’ll Blow Up Your Office

Give Us $20,000 Or We’ll Blow Up Your Office

An insidious new type of spam email is threatening to blow up offices unless the attackers receive $20,000, according to security company Kaspersky.

The empty threats were picked up by the security company’s junk mail traps in late August and signify a malevolent new twist in spam extortion.

“My recruited person hid a bomb (Tetryl) in the building where your business is conducted,” reads the text of one such spam message. “It was assembled according to my instructions. It is small and covered up very well, it is impossible to damage the building structure by this explosive device, but there will be many wounded people is [sic] case of its explosion.”

“My man is controlling the situation around the building. If he notices any suspicious activity or policeman [sic] the device will be blown up.”

The message goes on to demand $20,000 in the cybercriminals’ currency of choice, Bitcoin, to “call off my mercenary”.

The threats are, of course, fake – and spectacularly badly timed given that many offices are now almost deserted because of the ongoing Coronavirus pandemic.

Yet, it only takes one or two vulnerable recipients to fall for the scam to make it worthwhile for the fraudsters.

Raising the stakes

Kaspersky say the messages aren’t being specifically targeted at businesses. Instead, they’re using huge mailing lists in the hope that someone, somewhere will fall for the hoax.

“The main difference in the ‘explosive’ version is the increase in the ransom amount,” said Kaspersky’s research development team lead, Roman Dedenok, in a blog post on the company’s website. “Whereas individuals are asked to cough up the equivalent of $500–1,000 in bitcoin (the maximum we’ve seen was around $5,000), for companies supposedly rigged with explosives the amount rises to roughly $20,000.”

Kaspersky says it’s seen versions of the bomb-threat message in both German and English, but they appear to be the work of a single attacker.

As Kaspersky points out, the nature of the threat means the attackers may face not only fraud charges, if caught, but they may potentially fall foul of terrorism laws, which carry much greater penalties.

Source Article