Banks in Greece have been hit by hackers demanding that a ransom is paid in Bitcoins. The hackers, known as the Armada Collective, are believed to have brought down the operations of three Greek banks for a number of hours last Thursday 26. In response, Greek authorities sent in a team of cyber security experts and intelligence personnel who managed to restore the system within a few hours.
A statement from the Bank of Greece said that it was a ‘serious threat’ and that a ransom had been requested of 20,000 Bitcoins (around $7.4million) from each of the three banks, with the threat of further attacks if the ransom is not met. None of the banks responded to the initial attack or ransom request, causing the Armada Collective to respond with further penetrations of the bank’s systems over the weekend and on Monday 30 November.
‘Last week was a warning, today there appears to have been another incident,’ said an anonymous representative from the bank. The Greek authorities are remaining on high alert in order to squash any further attacks that they may have to deal with, with Greece’s National Intelligence Service (EYP) and the Financial Crimes Squad (SDOE) both on standby.
It is believed that last Thursday’s attack was set off with a coordinated DDoS attack that flooded the bank’s systems, before allowing the cybercriminals to access the bank’s core systems. Unfortunately, little information has been released about the subsequent penetrations, though it is believed that the hackers may have had access to the bank’s systems up to five times now.
‘No bank responded to this extortion, so the same hackers tried again at the weekend and today [30 November]. But we had strengthened our defence in the meantime, so no disruptions took place,’ said a representative from the bank of Greece, who wished to remain anonymous.
According to official reports, despite coordinated efforts by the cyber criminals no customer details were stolen from any of the three banks during the numerous penetrations of the bank’s’ systems. That, at least, is being seen as somewhat of a win for the Greek cyber security and intelligence agencies, which have worked hard over the last week to ensure the safety of Greek customer’s sensitive information.
This is the third time that the Armada Collective has attacked banks demanding a ransom. In October, the cyber gang approached four banks in Thailand, also demanding that a Bitcoin ransom be paid. According to Thai reports, on that occasion the cyber criminals warned the banks via email. Informing them that if the ransom was not met they would face regular attacks on their systems, which would bring their systems to a halt, disrupting bank services.
In Switzerland, banks were also approached by the hacking collective. On that occasion (believed to be the first time that the Armada Collective approached a bank demanding a ransom), the rather more paltry sum of 20 Bitcoins was required. With threats of a banking standstill if the ransom amount was not paid right away (and a regular 20 Bitcoin per day increase in payments if the ransom was not met).
In what is becoming a rather common occurrence, banks in China were also hit by cyber attacks earlier this year. Back in May, the Bank of China and the Bank of East Asia were also hit by cyber criminals demanding Bitcoins. On that occasion, Chinese authorities came to the conclusion that the hackers were international rather than domestic (though the hackers on that occasion did not claim to be a part of the Armada Collective).
In a non-bank related incident, the Armada Collective was responsible for attacking ProtonMail the encrypted email service set up by researchers at CERN in Geneva. On that occasion, a Bitcoin ransom to the tune of around $9,000 was demanded – a ransom that on that occasion was paid – demonstrating that the actions of these cyber criminals do sometimes result in success.