Three Greek banks suffer from bitcoin hackers. Last Thursday a group calling itself the Armada Collective conducted the first attacks and demanded a ransom in bitcoin. Greek police informs about two more attacks during the last several days. Criminals promise to fully collapse the banks’ websites if the ransom of 20,000 bitcoin (€7m) from each bank is not paid.
On Thursday hackers managed to flood the banks’ websites with multiple requests and as a result the system crashed. Electronic transactions got disrupted for some time although customer personal information remained protected. The criminals promised to hit again unless they received the ransom by Monday’s deadline. According to the police, the following attacks didn’t succeed: “As no bank reacted to this first extortion, the same hackers tried again at the weekend and today. But we had strengthened our defense in the meantime, so no disruptions took place.”
Greek authorities responded to these attacks with creation of special team. Cyber-experts from the Greek central bank and the police electronic crime department teamed up to protect banks’ systems and prevent further attacks. “These attacks are extremely serious but we were able to boost security and add capacity with the help of local internet service providers,” said one senior Greek banker.
The Armada Collective made an attempt to get a ransom not for the first time. It is used to attacking mostly vulnerable businesses. It is known that the group has targeted victims in Switzerland and Thailand in recent weeks. Several email providers informed about hacker attacks from the Armada Collective group. ProtonMail, an encrypted email start-up set up by CERN researchers in Geneva, was targeted earlier this month. HushMail, VFEMail and RunBox were also hit within days of the attacks.
Paul Vlissidis, technical director at cyber security group NCC, says that the group claims to be able to do significant damage. “Give us bitcoin or we will take you off the internet” is their threat. At the same time they used to demand quite small ransom – in most cases equivalent of only a few thousand pounds – which is “a level where there’s a temptation just to pay it and make it go away”. However Mr. Vlissidis admits that the fact of these last Greek attacks being Armada’s doing hasn’t been confirmed so far. There is a suggestion that someone can simply imitate the group by using “a similar modus operandi”.
It’s necessary to note that Internet banking in Greece has grown rapidly after the introduction of capital controls in June. More than 200,000 new internet back accounts have been registered since then.