As usual Maze ransomware operators add another data breach to their name. In this instance, they breachedBanco De Costa Rica, one of the strongest state-owned commercial banks that operate in Costa Rica.
The Banco de Costa Rica was being established on 20 April 1877. Banco de Costa Rica (BCR) is a state-owned commercial bank that operates in Costa Rica. With equity of $806,606,710and assets of $7,607,483,881, the bank has established itself as one of the strongest banking companies in both Costa Rica and Central America. The bank began primarily as a private commercial bank until it was designated a currency issuer and exclusive manager of public revenues in the last decade of the 19th century. After the bank nationalization decree of 1948, Banco de Costa Rica became a financial entity with a major role in the development of the country.
The Maze ransomware operators claim to attack the Banco BCR for the second time in the last 8 months. The ransomware operators claim to have over 11 million credit card credentials, of which over 4 million are unique and 140,000 belong to the US citizens.
The Cyble Research Team has verified this press release in which the ransomware operators state that they executed this data breach to alert people about the poor security measures being installed by these big financial institutions. Above that, the ransomware operators also state that they would publish all the details of over 11 million credit card numbers on their website if they do not receive any feedback about the installation of high-security measures by Banco BCR. Below is the snapshot of the press release being posted by the Maze ransomware operators-:
In order to make it real and support their press release, the Maze ransomware operators have posted some of the credit card numbers in hidden and encrypted form, as shown below.
Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.
Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.