A malicious hacker that successfully breached the IT systems of a large bank in the United Arab Emirates (UAE) demanded nearly $3 million worth of cryptocurrency or the financial information of hundreds of its customers would be leaked online. The hacker – who goes by the alias ‘Hacker Buba’ – reportedly gained access to the bank’s systems last month. He threatened to release customers’ account statements if a payment of 8,500 bitcoins was not made. According to the Dubai-based newspaper Xpress, the bank refused to pay the ransom and contacted law enforcement.
“Yes, there was a data breach and we have been contacted by Hacker Buba. He is asking for money but I cannot reveal how much. This is blackmail. We have reported the matter to UAE Central Bank. The Telecom Regulatory Authority’s (TRA) Computer Emergency Response Team (aeCERT) is investigating,” said the bank’s chief financial and operating officer.
A Twitter account allegedly operated by the hacker (@hacked_invest) later posted the account statements of several corporate officers and government officials. Although the account was eventually suspended, the hacker created a new account to leak the financial details of an additional 500 customers. Furthermore, the hacker appeared to have sent emails and text messages to a number of bank customers directly, asking for smaller ransom payments. “We won’t give in to any extortion threat,” the bank’s CFO told Xpress. “In any case, there has been no financial loss. All what this man as is some customer information and he’s trying to use it as a bargaining chip," he added. Wired Magazine said it obtained files claiming to come from the hacker, which contained bank customer credit card numbers, purchase transactions and authorization codes. The documents did not, however, include customer names. Other files purport to show balances on 50,000 bank cards, Wired reported.
