Ransomware Hackers Threaten to Release Credit Card Data From Costa Rican Bank

Published at: May 6, 2020

A group of hackers dubbed Maze claims to have compromised the infrastructure of Banco BCR, a Costa Rican state-owned bank, and is now threatening to leak millions of credit card numbers.

On April 30, Maze claimed that it had scoped out the bank in August 2019:

“According to Financial Institutions Protocol this bank had to notify other institutions about the security breach case. But nothing was made. Servers and workstations were not blocked. Private data was not secured. Anyway the Bank decided to conceal information about the breach. Though the security personnel were able to analyze the attack logs and to see that the attackers have accessed the payment processing system. We have stopped the attack as the possible damage was too high.”

Maze states that subsequently, in February 2020, they checked the systems and saw that nothing was done to fix the cybersecurity vulnerabilities. The hackers claim that because of this, they decided to steal the data from the bank, including transaction information and credit card data:

“We have got over 11 million credit card credentials. Over 4 millions of those credit cards are unique. [Of those cards,] 140,000 belong to US citizens.”

The ransomware group announced on May 5 that it was going to leak the information without concealing card numbers. While in this particular instance there is no data on the amount of Bitcoin (BTC) requested by the hackers, the group has ransomed data in the past.

Do not take ransomware groups’ claims too seriously

Brett Callow, cybersecurity threat analyst at Emsisoft, previously told Cointelegraph that hackers' claims should be viewed with suspicion:

“Claims made by ransomware groups should be taken with a grain of salt. [...] The details that the criminals choose to release will be cherry-picked and only information that they want to be in the public domain — probably because they believe it will help their cause in some way. [...] The press should avoid portraying ransomware groups as being in any way Robin Hood-like or repeating claims that assist them.”

As of press time, Banco BCR has not answered Cointelegraph's request for comment.

Ransomware activity continues amid the pandemic

As Cointelegraph reported in late April, a recent report showed a major drop in the number of ransomware attacks carried out during the pandemic on the United States public sector. Still, this is unlikely to be linked to the cybercriminals’ willingness to avoid damaging the public sector amid the distress already caused by the coronavirus.

In fact, at the end of April, hackers reportedly compromised the largest health center in Pueblo County, Colorado with cryptocurrency ransomware. While the hospital’s official statements claim that it won’t affect patient care, workers allegedly said that the paper-based record-keeping methods to which they have resorted are cumbersome and could negatively impact services.
