Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom

Posted by on Dec 18, 2015 in IT News | 0 comments

Hacker Leaks Customer Data After a United Arab Emirates Bank Fails to Pay Ransom

A hacker who broke into a large bank in the United Arab Emirates made good on his threat to release customer data after the bank refused to pay a bitcoin ransom worth about $3 million.

The hacker, who calls himself Hacker Buba, breached the network of a bank in Sharjah last month reportedly identified as Invest Bank, and began releasing customer account and transaction records via Twitter.

Although extortion hacks using ransomware are a growing trend, it doesn’t appear that the hacker in this case used ransomware. Ransomware involves malware installed on a victim’s machine that encrypts their data or otherwise locks them out of their system until they pay a ransom, usually in Bitcoin. In this case, it appears the bank still had access to its systems, and the hacker merely siphoned the data.

The news was first reported by the Dubai-based newspaper Xpress. According to the journalist, the hacker offered to give him 5 percent of the paid ransom for his cooperation, though it’s unclear what kind of cooperation he was seeking from the reporter. He reportedly told the journalist that he had data from other banks as well. “I give u 5 % from total I get. Have many banks from UAE, Qater, ksa and etc. Will work together,” he reportedly wrote in a direct message to the reporter via Twitter.

The hacker reportedly used the picture of an Invest Bank employee for his Twitter avatar to post the account statements of government officials and UAE firms on November 18. Although Twitter closed the account, the hacker opened a new one and released the account statements of some 500 bank customers.

He also sent text messages and emails to bank customers, using contact details gleaned from their bank account records, and threatening to release their records online unless they or the bank paid him a ransom.