[BreachExchange] Maze Ransomware group steals 11m card data from Banco de Costa Rica

Destry Winant destry at riskbasedsecurity.com
Thu May 7 09:49:57 EDT 2020


https://www.hackread.com/maze-ransomware-group-banco-de-costa-rica-card-data/

Maze Ransomware group claims 140,000 credit card data belongs to
American citizens.

Since its establishment in 1877, Banco de Costa Rica has become not
only Costa Rica’s most powerful state-owned commercial bank but it is
regarded as the strongest bank in Central America with $7,607,483,881
in assets and $806,606,710 in equity.

Targeting such a significant financial entity with ransomware and
stealing critical financial data is no ordinary feat that Maze
ransomware operators have claimed to achieve not once but twice
lately.

Apparently, Banco BCR has been attacked twice in the past eight months
by Maze ransomware operators leading to stealing of 11 million credit
card credentials, out of which 140,000 are of American citizens while
4 million are unique.

On their data leak website, the Maze ransomware group revealed that
they compromised Banco BCR’s network for the first time in August 2019
and stole credentials and other sensitive data. However, they didn’t
encrypt the device since the probable damage could have been too much
for the bank.

Since the Bank didn’t secure its network after the first attack, the
operators exploited it again in February 2020. This time too they
didn’t encrypt the data because they believed it wasn’t ethically
right during the COVID-19 pandemic. However, they boasted about
stealing at least a few years of the bank’s data already.


The Maze ransomware group claim that they have informed the bank about
their ransom demand, which they believe is a reward for indicating
issues in the bank’s security system as it could have led to
devastating outcomes for the bank, and may also sell data on the dark
web if their demand is not satisfied.

In their post, the operators stated that they may publish all 11
million credit card numbers if the bank doesn’t install high-security
systems to protect its network. To prove it, they also posted an
encrypted version of 240 credit card numbers along with their credit
card verification codes and expiration dates.

This isn’t the only high-profile data breach that Maze ransomware
operators have carried out as previously they have targeted IT giant
Cognizant, drug testing service Hammersmith Medicines Research LTD,
and cyber insurance service Chubb in a similar manner.

If you use Banco BCR’s credit card, now it will be a good time to
contact the bank and confirm that your account is safe.


More information about the BreachExchange mailing list