A group of hackers dubbed Maze claims to have compromised the infrastructure of Banco BCR, a Costa Rican state-owned bank, and is now threatening to leak millions of credit card numbers.

On April 30, Maze claimed that it has scoped out the bank in August 2019:

“According to Financial Institutions Protocol this bank had to notify other institutions about the security breach case. But nothing was made. Servers and workstations were not blocked. Private data was not secured. Anyway the Bank decided to conceal information about the breach. Though the security personnel were able to analyze the attack logs and to see that the attackers have accessed the payment processing system. We have stopped the attack as the possible damage was too high.”

Maze states that subsequently, in February 2020, they checked the systems and saw that nothing was done to fix the cybersecurity vulnerabilities. The hackers claim that because of this, they decided to steal the data from the bank, including transaction information and credit card data:

“We have got over 11 milion credit card credentials. Over 4 millions of those credit cards are unique. [Of those cards,] 140,000 belong to US citizens.”

The ransomware group announced on May 5 that it was going to leak the information without concealing card numbers. While in this particular instance there is no data on the amount of Bitcoin (BTC) requested by the hackers, the group has ransomed data in the past.

Do not take ransomware group’s claims too seriously

Brett Callow, cybersecurity threat analyst at Emsisoft previously told CryptoNewspeople that hacker’s claims should be viewed suspiciously:

“Claims made by ransomware groups should be taken with a grain of salt. […] The details that the criminals choose to release will be cherry-picked and only information that they want to be in the public domain — probably because they believe it will help their cause in some way. […] The press should avoid portraying ransomware groups as being in any way Robin Hood-like or repeating claims that assist them.”

As of press time, Banco BCR has not answered CryptoNewspeople’s request for comment.

Ransomware activity continues amid the pandemic

As CryptoNewspeople reported in late April, a recent report showed a major drop in the number of ransomware attacks carried out during the pandemic on the United States public sector. Still, this is unlikely to be linked to the cybercriminals’ willingness to avoid damaging the public sector amid the distress already caused by the coronavirus.

In fact, at the end of April, hackers reportedly compromised the largest health center in Pueblo County, Colorado with cryptocurrency ransomware. While the hospital’s official statements claim that it won’t affect patient care, workers allegedly said that the paper-based record-keeping methods to which they have resorted are cumbersome and could negatively impact services.