Canadian Bank Ripple Ransom: “We warn the Bank of Montreal and Simplii Financial that we will release their customers’ information if they do not cooperate.”
These are the threatening words of a group of hackers, not yet identified, who demanded a ransom of 1 million Canadian dollars, payable in XRP, in exchange for the personal data of nearly 100 thousand customers of the two banks, stolen last weekend.
The hackers' message was sent to numerous Canadian media outlets by email from servers located in Russia, where the hackers admitted they come from.
The banks have confirmed its veracity: the email contains the personal data of two Simplii and BMO customers, a Canadian man and woman, including their names, dates of birth, SIN and account balance.
The woman was contacted by the local media (CBC News) and confirmed the accuracy of the information contained in the email, which also includes the answers to her three security questions.
The woman, who asked for anonymity, was shocked and wondered how this could have happened.
Another Simplii Financial customer, Michael McCarthy of Edmonton, contacted by Canadian CBC News, confirmed that he was robbed of 980 Canadian dollars on Sunday.
The threat is taken seriously
Simplii Financial vice president Michael Martin said in a media report that he takes the hackers' threat seriously, although no ransom will be paid.
The Bank of Montreal is currently committed to protecting and helping its customers by sending new credit cards and refunding the money stolen.
Cybersecurity experts and law enforcement are working to trace the true origin of the attack and identify the perpetrators of the cybercrime.
An unusual ransom
According to the cybersecurity experts of Malwarebytes Labs, the XRP ransom demanded by the hackers is unusual, because once they have left the bank servers, the information they stole is useless.
According to IT experts, the ransom demand is probably an attempt to blackmail the banks by telling them: if you do not give us money, we will publish your customers’ personal data.
A spear phishing attack
On the basis of the data in our possession, it is reasonable to think that the same criminal group is behind both attacks.
The attack, known as “spear phishing”, targets individuals, using techniques that get them to hand over critical data.
The hackers themselves reportedly explain in the email how they got in.
They claim to have been able to gain partial access to accounts using a very common mathematical algorithm, which is usually used to quickly validate relatively short numeric sequences such as credit card numbers.
The technique, they say in the email, allowed them to pretend to be the authentic holders of bank accounts that had simply lost their password.
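An added example, not part of the original article and not any bank's code: the email's description is consistent with a check-digit scheme such as the Luhn algorithm used for card numbers, which the article does not name, so that is an assumption here. The hypothetical `RecoveryGate` below shows why passing such a check proves nothing about ownership and what a lost-password flow has to require in addition; the numbers are constructed test values.

```python
from collections import defaultdict


def luhn_valid(number: str) -> bool:
    """Luhn check digit (assumed scheme): catches typos, not impostors."""
    if not number.isdigit() or len(number) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class RecoveryGate:
    """Hypothetical lost-password gate; not any bank's real flow."""

    MAX_ATTEMPTS = 3  # assumed per-source limit before lockout

    def __init__(self, accounts_on_file):
        self.accounts = set(accounts_on_file)
        self.attempts = defaultdict(int)

    def request_reset(self, source, number, second_factor_ok):
        # Count every request so guessing well-formed numbers is throttled.
        self.attempts[source] += 1
        if self.attempts[source] > self.MAX_ATTEMPTS:
            return "locked"
        # The checksum only filters typos. Ownership needs the number to be
        # on file AND an independent factor (e.g. a code sent out of band).
        if luhn_valid(number) and number in self.accounts and second_factor_ok:
            return "reset_allowed"
        # One uniform answer for bad checksum, unknown number or failed
        # factor, so responses do not reveal which numbers exist.
        return "denied"


# Constructed sample values: a standard test card number and the textbook
# Luhn example. Neither is a real account.
ON_FILE = "4111111111111111"
WELL_FORMED_STRANGER = "79927398713"

if __name__ == "__main__":
    gate = RecoveryGate({ON_FILE})
    print(luhn_valid(WELL_FORMED_STRANGER))
    print(gate.request_reset("src-a", WELL_FORMED_STRANGER, True))
    print(gate.request_reset("src-a", ON_FILE, False))
    print(gate.request_reset("src-a", ON_FILE, True))
```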