In a new incident, Maze ransomware claims to have stolen over 11 million credit card data and other bank data of Banco de Costa Rica (BCR). This was found by BleepingComputer on Maze ransomware’s leak site, as they claimed to have first accessed the bank’s network in August 2019 and later in February 2020, but did not encrypt any data as it would make it hard amidst this pandemic. There isn’t any official confirmation from the bank yet.
Sneaked Twice, but haven’t encrypted the network
Maze ransomware is so infamous for its hits against reputed organizations. It has previously attached Southwire, Cognizant, etc. While it intends to steal data and encrypt the network before asking for a ransom, it’s slightly different now. In the case of Banco de Costa Rica (BCR), it decided not to encrypt, but just steal and ask for ransom.
Banco de Costa Rica (BCR) is a state-owned bank of Costa Rica. And it has millions of accounts from various nations. It’s now said to be breached by Maze ransomware authors, who’ve posted a part of their stolen data on their leak site. BleepingComputer reported that Maze ransomware claims to have targeted Banco de Costa Rica (BCR) initially in August 2019, but did not steal or encrypt the network.
After this, they again sneaked into the network in February this year, and still found the system isn’t encrypted yet. Thus, they had stolen the data but even didn’t encrypt the web, citing the reason as it “was at least incorrect during the world pandemic.” And those stolen records consists of years of bank data and over 11 million records of credit card data. This includes the over 4 million unique card data and at least 140,000 records belonging to US citizens.
To prove this, the ransomware authors have posted a snippet of the stolen data, which contained 240 records of credit card data. It has the card numbers (with four digits removed), expiration data, and CVV codes. The bank hasn’t made any official comments yet. Until then, it’s suggested to those who’re having bank accounts with BCR to call the bank and know their status of compromise and check their card activity.