Hackers Release Stolen Data After Swiss Bank Refuses To Pay $12K Ransom

A group of cyberthieves who breached online security at a small Swiss bank published identifying details about 30,000 customers on Friday (Jan. 9), after the bank refused to pay a ransom, Bloomberg reported.

A group calling itself Rex Mundi said it hacked into the servers of Banque Cantonale de Geneve (BCGE) and downloaded 30,192 emails from customers. The group providing the text of two of the emails as proof, and demanded that the bank pay a ransom of €10,000 ($12,000) by Friday, or the group would publish the messages.

The bank confirmed the attack and said it is contacting affected customers but that it would not capitulate to blackmail.

In a statement Friday on its website, BCGE confirmed the client information had been released but said it did not represent a financial risk for clients or the bank. It also said it is working with authorities to investigate the attack and that additional security measures have blocked further breaches.

The Rex Mundi group has been around for at least two years and has perfected a small-bore shakedown in which the group scans for vulnerabilities in company networks, quickly extracts data, ransoms it for small amounts and then moves on, according to security analyst Chase Cunningham of FireHost.

In June 2014, the group attempted a similar shakedown of independent Domino’s Pizza franchises in France and Belgium. The attackers breached systems that were about to be updated and contained names and addresses but no credit card or financial information. The franchisees declined to pay and the systems were updated. “It turned out to be much ado about nothing,” a Domino’s spokesman said.