Monday, December 23, 2024

Bank acknowledges attempted cyberattack but denies data compromised

A United States cybersecurity firm has revealed that a cyber attack took place last week against a Mexican bank, although the bank says the attack was unsuccessful and no information was extracted.

Cyble, Inc. disclosed that CIBanco’s systems had been infected by REvil ransomware. The attackers had released some of the data collected but were threatening to sell the remainder, which purportedly included sensitive information about the bank’s employees and customer accounts and passwords, if a ransom payment were not made.

After customers noted an interruption in service and complained on social media of not having access to their accounts for six days last week, CIbanco released a statement on Monday saying that “we made the decision to suspend the bank’s services and applications preventively following security protocols.” The bank said the hack was not successful.

“The bank’s security protocols worked against massive and repetitive attacks. The operating systems were not compromised.”

Cyble posted a message appearing to be from the attackers on Twitter.

“People who don’t care about their reputation, lie to their clients, and are silent about hacking and data leak. Bank users lose money from their accounts, they cannot pay bills and loans, and the management continues to lie about ‘problems in the system. If you do not contact us, we will begin to publish your data.”

One account holder told Mexico News Daily last week that he had been unable to make transfers from his account for several days. He said the bank told him that it was having systems problems due to heavy rainfall.

The bank has 3,300 employees and assets of 12.24 billion pesos (US $557 million).

A recent study by cybersecurity firm Infosecurity reports that between February and April alone, cyber attacks on financial institutions worldwide have increased by 238%, with ransomware being the most popular method used.

“Ransomware groups used to simply encrypt their victims’ data, but since November last year they have also been stealing it. They use the threat of releasing or, in the case of REvil, auctioning off the stolen data as an additional lever to extort payment,” says Brett Callow, a threat analyst at New Zealand-based software firm Emsisoft.  

“And the most you can hope to receive is a pinky promise that the stolen data will be deleted, but why would criminals delete something that they can make money with?”

REvil ransomware software, also known as Sodinokibi, was first detected in 2019 and has stolen data from foreign exchange company Travelex and celebrity law firm Grubman Shire Meiselas & Sacks whose clients include Lady Gaga, Drake and Madonna.

In June, operators of the REvil ransomware  launched a dark web auction site for data sets that mimics eBay, accepting bids in cybercurrency to ensure anonymity. Thus far their average extortion demand is around US $260,000, and they threaten failure to pay will result in auctioning off the data to the highest bidder.

Source: Milenio (sp), El Financiero (sp), La Silla Rota (sp), ZD Net (sp)

Have something to say? Paid Subscribers get all access to make & read comments.
Ears of dried corn in a big pile

Mexico loses GM corn trade dispute with US

0
Mexico will have to modify its restrictions on genetically modified corn imports after a trade dispute panel sided with the United States.
Two photos, one of U.S. President-elect Trump and another of Mexican President Claudia Sheinbaum

Trump promises to designate Mexican cartels as terrorist organizations: Sheinbaum responds

6
President Sheinbaum responded with forceful rhetoric to the announcement, which would open the door to U.S. intervention in Mexico.
Nuevo Laredo

Over 20,000 immigrants form annual holiday convoy to Sierra Gorda via Laredo

0
Each year, Mexicans living in the U.S. make a plan to meet in Laredo, Texas, to advance as a group toward Mexico for the holidays.