Maze ransomware operators have revealed bank card information stolen from the Bank of Costa Rica (BCR). They threaten to leak comparable recordsdata each week.
The hackers are doing this in assist of their declare to have breached BCR prior to now and the bank’s denial of those intrusions.
Legitimate numbers inside
In a put up on their “leak” website this week, Maze operators shared a 2GB spreadsheet with fee card numbers from prospects of Banco de Costa Rica.
The attackers say that they launched the info as a result of they don’t seem to be trying to make any revenue off it. As an alternative, they wish to draw consideration to the bank’s safety lapses relating to defending delicate info.
A number of screenshots from the database accompany the announcement, exhibiting unencrypted bank card numbers. Collectively, the photographs include information for no less than 50 playing cards (some are listed a number of instances). Beforehand, they revealed over 100 partial numbers (final 4 digits eliminated) with expiration date and verification codes.
BleepingComputer checked a number of numbers with two on-line validation providers and most of them handed the test. Bank identification quantity (BIN) particulars confirmed that they have been Visa or MasterCard debit playing cards issued by BCR.
It ought to be famous that one of many card validation websites states that the validity of a quantity doesn’t assure that additionally it is in use. Nevertheless, the main points have been confirmed when verified on a second on-line checker.
On April 30, Maze ransomware operators claimed to have greater than 11 million playing cards from BCR, with four million being distinctive and 140,000 belonging to “US citizens.”
Maze mentioned that they first gained entry to the bank’s community in August 2019 and once more in February 2020, to test if safety had improved.
They selected to exit with out encrypting the methods the second time as a result of it “was at least incorrect during the world pandemic” and “the possible damage was too high.” However they didn’t depart empty-handed.
Battle of statements
BleepingComputer contacted BCR on Could 1 to verify both of the 2 incidents however acquired no reply. Nevertheless, the bank issued a public assertion that day saying that following an “exhaustive verification” they’ll “firmly confirm that the institution’s systems have not been violated.”
In response, Maze launched 4 days later a spreadsheet with particulars about methods they declare to be from BCR’s community. On Could 21 they dumped the fee card information.
The bank issued one other assertion on Could 22 reiterating that a number of analyses from inside and exterior specialists confirmed that the methods weren’t accessed with out authorization and that purchasers’ transactions weren’t impacted.
At the start of the month, Maze informed BleepingComputer that they reached out to the bank a number of instances with a ransom demand and that they may promote the cardboard information on the darkish internet.
Even when they spared BCR’s methods from encryption, the ransom was for exhibiting the establishment the susceptible spots on its community.