Hackers demand 10,000 EUR to keep stolen data private

Jan 9, 2015 09:30 GMT

The systems of Banque Cantonale de Geneve (BCGE) have been hacked and customer information has been exfiltrated, and the perps operating under the name of Rex Mundi are now demanding a ransom of €10,000 / $11,853 to not make the data public.

The hackers have given the bank until Friday to decide on whether to pay the money or not, making available some pieces of information to prove that the data in their hands is real; until now, their demands have not been satisfied.

Rex Mundi claims possession of over 30,000 private emails

It must be noted that Rex Mundi did not penetrate the defenses of the bank’s computer network; instead, they reached the details through an SQL injection attack on a public server that contained a database with sensitive client data.

An SQL injection attack consists of inserting an SQL query through the web client of a data application; if the input is not properly sanitized before it becomes part of the statement, then information in the database can be obtained.
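The difference between an unsanitized statement and a parameterized one, as an added example that is not part of the original article and does not represent BCGE's systems. The `clients` table, its rows, the function names and the crafted input are all constructed for illustration, using Python's built-in `sqlite3` module with an in-memory database.

```python
import sqlite3

# Constructed sample rows; nothing here comes from the incident.
ROWS = [("Alice Example", "alice@example.test"),
        ("Bob Example", "bob@example.test"),
        ("Dan O'Neil", "dan@example.test")]

# Constructed input that closes the string literal and adds a condition.
CRAFTED = "x' OR '1'='1"

def make_db():
    """Build an in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (name TEXT, email TEXT)")
    db.executemany("INSERT INTO clients VALUES (?, ?)", ROWS)
    return db

def lookup_vulnerable(db, name):
    # Weak: the submitted value becomes part of the SQL text, so quote
    # characters in it change the structure of the statement.
    query = "SELECT name, email FROM clients WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Corrected: the value is bound as a parameter and is only ever
    # compared as data; it cannot alter the statement.
    query = "SELECT name, email FROM clients WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def run(lookup, db, value):
    """Return the number of rows a lookup yields, or 'error' if it fails."""
    try:
        return len(lookup(db, value))
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    db = make_db()
    for value in ("Alice Example", "Dan O'Neil", CRAFTED):
        print(repr(value),
              "concatenated:", run(lookup_vulnerable, db, value),
              "parameterized:", run(lookup_parameterized, db, value))
```

The concatenated lookup returns every row for the crafted value and fails outright on a legitimate name that contains an apostrophe, while the parameterized lookup treats both as plain data.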

As far as the stolen details are concerned, the list includes names, addresses, phone numbers, account numbers, as well as email communication between the customers and the financial institution.

Rex Mundi says that no bank accounts have been compromised, but they downloaded a total of 30,192 private emails that contained sensitive client data.

“We would like to mention that, as always, we did contact BCGE a few days ago and offered them not to post their data in exchange for a very reasonable amount of money,” the hackers said.

All the perps care about is the money

Unless the ransom is paid, Rex Mundi plans to make public all the data they took from BCGE. It would not be the first time they have played this game, as blackmailing companies this way is what they actually do.

Victims that have not complied with their demands have had sensitive customer information disclosed, which at the moment is available in multiple locations on the Internet.

Some of the latest victims are Tabasco, Z-Staffing and Exaris employment websites. Xtra-Interim, a temporary staffing agency, has also been hit by the hackers. In an older incident, Rex Mundi tried to blackmail Domino’s websites in Belgium and France, extracting more than 650,000 customer records.

In a Twitter post today, the hackers warn about their intention to dump BCGE details into the public domain on Friday evening, if the bank does not pay.

To achieve their goals, they also wished a “merry tax audit to all the non-Swiss account holders listed in the BCGE files,” probably in an attempt to draw attention to the fact that some of the accounts are not declared by the customers in other countries.