“There is nothing stupider than hacking a website or taking down a service ‘just for the lulz’,” the hacking group Rex Mundi previously tweeted. Instead of hacking for lulz, this group is known for hacking into sites and then holding the data for ransom, as it recently did to a Swiss bank.
Last week, after hacking into Banque Cantonale de Geneve (BCGE) and exfiltrating data, Rex Mundi gave the bank until Friday to pay a ransom of 10,000 euros, currently equal to $11,808.95. The ransom demand statement claimed they had downloaded “30,192 private emails sent by both Swiss and foreign customers, in addition to various other interesting data (conference registrations, mailing list entries,...),” which they offered not to leak “in exchange for a very reasonable amount of money.” The demand included two emails to the bank with names and addresses to verify the hackers had stolen the data.
But BCGE did not give into the extortion. "We chose not to give in to blackmail and chose instead the path of transparency," the bank's spokeswoman told Reuters. She added that the dumped customer data “represented ‘no particular financial risk for clients or the bank’.” BCGE posted the following notice on its site.
The hackers had “played on Swiss banks' reputation for helping clients conceal information from tax authorities.” In fact, Rex Mundi tweeted:
“BCGE is one of a host of Swiss banks to come forward under a government-brokered scheme for banks to pay fines for helping wealthy Americans avoid tax,” reported Reuters. Perhaps Rex Mundi did not know that under the U.S. program, the bank voluntarily discloses information on how they helped clients hide money from the IRS. Bloomberg reported that “in exchange, they (Swiss banks) may receive non-prosecution deals in relation to allegations that they fostered tax-evasion through cross-border accounts held by U.S. clients.”
But apparently hoping upset customers could convince the bank to pay up, Rex Mundi added:
After the bank refused to pay the ransom, the hackers dumped the customer data.
“Victims that have not complied with their demands have had sensitive customer information disclosed, which at the moment is available in multiple locations on the Internet.” Also according to Softpedia:
Some of the latest victims are Tabasco, Z-Staffing and Exaris employment websites. Xtra-Interim, a temporary staffing agency, has also been hit by the hackers. In an older incident, Rex Mundi tried to blackmail Domino’s websites in Belgium and France, extracting more than 650,000 customer records.
The hacking group has been active “for at least two years” and has become known for scanning for vulnerabilities, extracting data and ransoming it for small amounts. Bloomberg reported that Rex Mundi had tweeted, “It is easier to get 10 companies to pay 10K than to get 1 company to pay 100K.”
“One thing you can say about these guys is that you have to take them very seriously,” FireHost security analyst Chase Cunningham told Bloomberg. “If you don’t pay up they are going to try to make you suffer.” He added, “They’d much rather have 50 companies pay them $25,000 than one company pay them $5 million. They definitely go for low-hanging fruit.”