Armada Collective makes ransom demands on Greek banks: Report

Banking sources say hackers have disrupted internet services and made bitcoin ransom demands against three Greek banks, but have not accessed client details.
Written by Chris Duckett, Contributor

Hackers have staged cyber attacks on three Greek banks and demanded a ransom in bitcoin to stop their disruption, banking sources have said.

The sources said the hackers blocked the internet banking activity of three Greek lenders for several hours last Thursday, but did not penetrate the banks' security or obtain confidential client data or access to accounts.

"All they achieved was to block the web banking for a few hours. Nothing else," one banker told Reuters, speaking on condition of anonymity.

The sources said the hackers had given the name of their group as Armada Collective.

The banks refused to pay up and alerted the security services and the Greek central bank, which are investigating.

"We informed the police, and the country's secret services are involved," a second banker said. "It's an easy-to-handle situation. There is no need for bank clients to worry."

A hacking extortion group using the same name was reported last month to have staged sustained distributed denial-of-service (DDoS) attacks on several private email services, including FastMail, Zoho, Runbox, and ProtonMail.

In the case of ProtonMail, the size of the DDoS attack was taking out other companies that resided in the datacentre it used, as well as ProtonMail itself. Under pressure, ProtonMail paid the ransom.

"The collateral damage by then was hundreds of companies, with some as far away as Moscow," Frederic Gargula, co-founder of IP Max -- the Geneva-based internet service provider (ISP) that helped defend ProtonMail during the attack -- told TechRepublic.

However, in the wake of the original attackers, ProtonMail said it suffered from a second, more powerful and sophisticated attacker, which the company said behaved more like a state-sponsored actor.

After almost a week, a new emergency IP transit line, and a crowdfunded defence fund, ProtonMail was able to see out the attack.

Last month, Russian-based security firm Kaspersky Lab attributed a number of DDoS attacks in the financial sector to a group dubbed DD4BC, or DDoS for Bitcoin. Kaspersky said the group had been targeting banks, media groups, and gaming companies since September, and had threatened to take down customer websites unless a ransom was paid.

The company said 79 countries in total fell victim in the third quarter.

"The owner of the targeted resource is asked to pay between 25 and 200 bitcoins, or have their servers disabled," Kaspersky said.

With AAP

Editorial standards