A new ransomware attack in finance sector: Development Bank of Seychelles

by Ugnius Kiguolis - -

A yet unknown ransomware has hit The Development Bank of Seychelles at the beginning of August 2020

Development bank of Seychelles hit by Maze cryptovirusThe beginning of August 2020 was not the best time for the Seychelles banking sector. The Republic of Seychelles has been known for its beautiful nature and attracted tourists for many years. A country of small population, consisting of 115 islands in the Indian Ocean near Africa was a great escape for Western World families. Unfortunately, they have recently attracted not only tourists. The country with the smallest population in Africa has appeared on the radar of cybercriminals. [1]

On the 11th of August, The Central Bank of Seychelles has made a press release stating one of the country's banks has been hit by ransomware:

The incident was communicated to CBS on Wednesday 9 September 2020. Since then, CBS has
been engaging with DBS to establish the exact nature and circumstances of the incident and closely
monitor the developments, including the possible impact on DBS' operations.[2]

The Central Bank of Seychelles is making the official statements and helping to monitor the situation

It is not yet clear what are demands of the ransomware attackers, neither the ransom amount has been revealed. However, we can assume the numbers might be impressive as the recent banking attacks were not showing modesty. The Central Bank has promised to keep good communication with the public and hopefully might get back with more information in the nearest future. 

The CBS has stressed on the need for DBS to maintain communication with its clients and other
stakeholders, particularly within the banking sector, throughout this process.

Earlier this year a well-known ransomware group called Maze[3] has hit the Banco BCR, the state-owned Bank of Costa Rica. The ransomware requested amount of money has not been officially confirmed, neither is clarified if the bank has made any payments, but the damage for Bank's safety and authority might have been huge. The ransomware gang has begun to reveal the bank's credit card information. 

The Cyble Research team reported on May 1st, 2020 that the Bank of Costa Rica (BCR) has been attacked by Maze and harvested over 11 million credit cards – 4 million unique entries, 140,000 of which belong to American netizens.[4]

The demands of the ransomware and the Seychelles Bank's position not yet disclosed

Thought the official statements from the Central Bank of Seychelles (CBS) have been released, not much more information is known on the Development Bank of Seychelles ransomware attack. The ransomware actors have not made official statements too, so it is not yet clear which ransomware is responsible, neither their demands. The experts still have hopes for smaller damage to be made, while the CBS is trying to figure out the seriousness of the situation.

The CBS will be providing further details to the general public once the full extent of this reality
has been clearly understood.

The Development Bank of Seychelles has been operating for more than 40 years and has gained the trust of many clients during the time. The officially declared profit of 2017 was almost 16 million Seychellois rupee [5], which is almost 9mln US Dollars in today's currency exchange rates. Most likely the profits have increased since then and appeared to be a nice catch for the ransomware actors. 

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References