The spate of bitcoin-ransoming cyber-attacks on businesses is continuing with a hacking of a UAE bank. According to a report by Dubai’s XPRESS, a hacker called Hacker Buba is demanding payments to stop the release of UAE’s Bank of Sharjah members’ confidential data. If the bank does not pay the amount he has demanded – which has been reported to be $3 million – by the weekend, he says he will not stop. Payments have been demanded in bitcoin, likely due to the anonymity that the decentralized currency allows.
Since the 18th November, the criminal has been using social media to release account statements of users, which include government entities, UAE firms and members of the public. Attempts to prevent the leaks a couple of days ago by getting Twitter to intervene and shut down the profile were ultimately unsuccessful as the hacker simply made a new account and continued with mass-release of the bank users’ statements. Similarly, attempts to trace the hacker’s location have proved fruitless as there have been links to Hungary, Indonesia and the UK.
In an effort to have his or her demands met, the hacker also sent text messages and e-mails to members of the bank to threaten them to pay, or to get the bank to do so. When the payments were not forthcoming their data was released.
Speaking to XPRESS, the CFO of the bank stated: “Yes, there was a data breach and we have been contacted by Hacker Buba. He is asking for money but I cannot reveal how much. This is blackmail. We have reported the matter to UAE Central Bank. The Telecom Regulatory Authority’s (TRA) Computer Emergency Response Team (aeCERT) is investigating. We won’t give in to any extortion threat. In any case there has been no financial loss. All what this man has is some customer information and he’s trying to use it as a bargaining chip.”
Customers of the bank are distressed and have commented on the situation, claiming that the situation is far worse than it is being made out to be and that the attacks have caused ‘irreversible damage’ to the businesses involved.
At a time when some governments are trying to pass bills to require weaker cryptography, victims of cyber-attacks are decrying companies for having ‘lax’ cyber-security. Instead, people responsible for ensuring security are looking to implement secure, integrated systems to prevent hacking or allow for rapid reaction to cyber-attacks.