Hello, welcome to the Friday, December 14th, 2018 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich.

And today I'm recording from Washington, D.C. Today, numerous organizations reported that they received

email bomb threats that asked for Bitcoin Ransom.

Now, all of these emails appear to come from the same source.

They're very similar in their wording, if not identical.

They all mention a very specific chemical for the bomb,

but that chemical actually changes from email to email, and they all ask for

exactly $20,000 worth of ransom to be paid in Bitcoin. The Bitcoin addresses appear to differ,

however, from email to email. So overall, this looks very much like fake bomb threats and I don't think at least as far as

I can tell from the samples that I have received that anybody has paid the ransom yet.

However, it has caused some disruption based on the fact that organizations typically have fairly strict protocols

in how to deal with bomb threats and to take bomb threats seriously.

Of course, it's difficult to tell why these emails were sent.

The obvious reason would be just to make money with the ransom and it's possible that a couple

of organizations paid the ransom,

but bomb threats are often being executed in order to disrupt the target organizations,

knowing that there's typically some form of evacuation of buildings happening and such,

which, of course, can take a while until the bomb thread itself is resolved.

If you have any samples of these emails, please forward them to us. We received a couple, but

not really a large number. It appears that these emails are at least somewhat targeted, so

not every organization is receiving them, but the only fairly selected

target group of organizations appears to be receiving them. Over the next days, I also expect

...