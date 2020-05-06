A gaggle of hackers dubbed Maze claims to have compromised the infrastructure of Banco BCR, a Costa Rican state-owned financial institution, and is now threatening to leak thousands and thousands of bank card numbers.

On April 30, Maze claimed that it has scoped out the financial institution in August 2019:

“In accordance to Monetary Establishments Protocol this financial institution had to notify different establishments concerning the safety breach case. However nothing was made. Servers and workstations weren’t blocked. Non-public knowledge was not secured. Anyway the Bank determined to conceal details about the breach. Although the safety personnel had been ready to analyze the assault logs and to see that the attackers have accessed the cost processing system. We now have stopped the assault because the attainable harm was too excessive.”

Maze states that subsequently, in February 2020, they checked the methods and noticed that nothing was performed to repair the cybersecurity vulnerabilities. The hackers declare that due to this, they determined to steal the information from the financial institution, together with transaction data and bank card knowledge:

“We now have bought over 11 milion bank card credentials. Over four thousands and thousands of these bank cards are distinctive. [Of those cards,] 140,000 belong to US residents.”

The ransomware group introduced on Might 5 that it was going to leak the data with out concealing card numbers. Whereas on this specific occasion there isn’t a knowledge on the quantity of Bitcoin (BTC) requested by the hackers, the group has ransomed knowledge prior to now.

Don’t take ransomware group’s claims too severely

Brett Callow, cybersecurity risk analyst at Emsisoft beforehand instructed Cointelegraph that hacker’s claims needs to be seen suspiciously:

“Claims made by ransomware teams needs to be taken with a grain of salt. […] The main points that the criminals select to launch will probably be cherry-picked and solely data that they need to be within the public area — most likely as a result of they imagine it is going to assist their trigger ultimately. […] The press ought to keep away from portraying ransomware teams as being in any approach Robin Hood-like or repeating claims that help them.”

As of press time, Banco BCR has not answered Cointelegraph’s request for remark.

Ransomware exercise continues amid the pandemic

As Cointelegraph reported in late April, a latest report confirmed a serious drop within the variety of ransomware assaults carried out throughout the pandemic on america public sector. Nonetheless, that is unlikely to be linked to the cybercriminals’ willingness to keep away from damaging the general public sector amid the misery already attributable to the coronavirus.

In truth, on the finish of April, hackers reportedly compromised the most important well being middle in Pueblo County, Colorado with cryptocurrency ransomware. Whereas the hospital’s official statements declare that it received’t have an effect on affected person care, staff allegedly mentioned that the paper-based record-keeping strategies to which they’ve resorted are cumbersome and will negatively impression providers.