An unknown malicious hacker has successfully breached a Sharjah, UAE-based bank of its customer statements and records. Over the past few days, the hacker has released the confidential data via social media after the bank refused to give in to the hacker’s extortion.
A cybercriminal who goes by the alias ‘Hacker Buba’ (yes, really) has – for the past week – held a bank in Sharjah, UAE to ransom. The hacker blackmailed the bank to pay a ransom in Bitcoin and the failure to do so will lead to the public leak of the bank’s customers’ account statements. Customers include government entities, private companies and individuals. As it turned out, the bank refused to pay and the hacker kept his word to start doxing confidential bank statements via Twitter.
As reported by GulfNews, a prominent online publication in the Middle East, Hacker Buba’s Twitter account was finally suspended on November 23, five days after the hacker began revealing the bank’s customer statements. To nobody’s surprise, the hacker set up another account the following day to upload account 500 bank customers’ statements in a single tweet, according to GN.
Speaking to the publication, the bank’s chief financial and operating officer admitted to the hack and said:
Yes, there was a data breach and we have been contacted by Hacker Buba. He is asking for money but I cannot reveal how much. This is blackmail. We have reported the matter to [the] UAE Central Bank.
He added that there was no financial loss and that the bank “won’t give in to any extortion threat.”
The GulfNews report later revealed that Hacker Buba reached out to the journalist via a Direct Message on Twitter to claim that he was seeking $3 million as a ransom demand, approx. 9225 BTC in current rates.
In a twist, the hacker also offered a bribe to the journalist if the latter cooperated with the misdeeds.
“I will give u [sic] 5% from [the] total I get. Have many banks from UAE, Qater [sic]…,” said Hacker Buba allegedly in a direct message to the journalist.
Incidents of extortionists seeking ransom in Bitcoin, is seeing an upswing lately. Around a year ago in November 2014, the Dickson County Sheriff’s Office paid $500 in Bitcoin after being struck by ransomware. In May this year, cybercriminals launched a DDoS attack targeting the Bank of China for a Bitcoin ransom. A recent high-profile case of the kidnapping of a Hong Kong billionaire businessman had the criminal gang seek ransom in Bitcoin.
A recent report claimed a staggering $325 million in Bitcoin was claimed by malware authors behind the infamous CryptoWall ransomware.
Even CCN was the target of a recent DDoS attack wherein extortionists demanded 2 BTC in a blackmail threat that came in via email. If you’re a web-wizard with the skill to track down the extortionists, there’s a 5 BTC reward to be claimed for those that help in filing a successful police report. Additional details are available here.
Featured image from Shutterstock.