Banco de Costa Rica was established in 1877 and became one of the biggest and most influential banks in Central America. That level of success makes it a prime target for any threat actor dealing with ransomware. The Maze ransomware group claims to have gotten through the bank's security not once, but twice to date.
Banco BCR was attacked twice in the past eight months by Maze, leading to the theft of 11 million credit card credentials, 140,000 of which belonged to American citizens. On the Maze data leak website, the group revealed that it compromised the Banco BCR network in August 2019, stealing credentials and data. They didn't encrypt the affected device, as that would have caused too much damage to the bank.
Maze group's press release
The bank failed to secure its network after the initial attack, so Maze exploited that again in February 2020. Once again, they didn't encrypt the affected data, because they believed it wasn't ethical to do so during the pandemic. They boasted that they currently hold several years' worth of the bank's data.
Maze demands that Banco BCR must upgrade their security
The Maze ransomware group claims they informed the bank about the ransom demand, believing there would be a reward for showing the problems with its security system. The attacks could have had a devastating outcome for the bank's operations, and the group said they might sell the data on the dark web if the ransom demand isn't paid. In their post on the website, the Maze operators claimed they would publish all 11 million credit card numbers if the bank doesn't upgrade its security to protect its network. To prove they had indeed stolen data, they posted an encrypted version of 240 credit card numbers with their credit card verification codes and expiration dates.
There are more cases of high-profile data breaches carried out by Maze ransomware operators: they previously attacked IT giant Cognizant, as well as Hammersmith Medicines Research LTD and Chubb, a cyber insurance service.