Mexico's CIBanco suffers REvil ransomware attack

Bnamericas Published: Saturday, August 15, 2020

Mexican commercial bank CIBanco has confirmed an attempted cyberattack using the REvil ransomware, with the alleged hackers claiming they obtained sensitive data and documents from the bank.

Salvador Arroyo, CEO of the mid-tier lender, confirmed to local daily El Economista that the attack took place from August 3-9, but claimed the attack was unsuccessful as the bank did not suffer any information extraction. 

On Twitter, cyber threat intelligence platform Cyble reported that alleged “operators of the #REvil ransomware have claimed that they are in possession of sensitive documents from #CIBanco, a private financial institution with its main office in Mexico,” and included images of what the alleged cybercriminals had published.

Ransomware attacks on Mexican banks and companies have accelerated in recent years, including a major attack on state-owned oil company Pemex in November last year, which crashed its servers, encrypted files and halted some administrative work.

The hackers in that case posted confidential files in reprisal for the company’s refusal to pay nearly US$5mn in ransom. 

The hackers’ posts regarding the CIBanco attack include claims that they have already made sensitive documents available on what is known as the dark web. 

El Economista reported it was able to verify that these documents contain identification data of legal entities, credit bureau reports and analysis of industrial sectors, but could not confirm their authenticity or that they belong to CIBanco. 

The bank filed the corresponding complaints with the attorney general’s office and notified the banking and securities regulator (CNBV) in accordance with existing protocols for such attacks, said Arroyo.

CIBanco does not know whether the material published by the hackers consists of documents that belong to the institution or whether it is simply screenshots meant to leverage efforts to extort money, according to Arroyo.

On June 2, cybersecurity specialist Brian Krebs wrote on his blog that the REvil-linked criminal group had “begun auctioning off stolen confidential data from companies affected by their malicious software.” 

The expert said that the alleged attackers made the information of their victims public through a blog on the dark web called Happy Blog. 

These hackers specialize in deploying the REvil ransomware (also known as Sodinokibi or Sodin), a malicious software they use as a tool to carry out attacks or provide criminal services to third parties.

CIBanco has a loan book of around 12.3bn pesos (US$557mn).
