Hackers have targeted three Greek banks for a third time in five days, demanding a ransom from each lender of 20,000 bitcoin (€7m), according to Greek police and the country’s central bank.
A group calling itself the Armada Collective demanded the bitcoin ransom after staging its first attacks last Thursday, and then threatened a full collapse of the unnamed banks’ websites if they refused to pay up.
These initial attacks took the form of a distributed denial of service — flooding the banks’ websites with requests so that they crashed under the strain. On Thursday, they succeeded in disrupting electronic transactions at all three banks for a short period, but customer information was protected, a police official said.
“No bank responded to this extortion, so the same hackers tried again at the weekend and today,” the official said on Monday. “But we had strengthened our defence in the meantime, so no disruptions took place.”
Cyber experts from the Greek central bank and the police electronic crime unit were monitoring the banks’ computer systems, a central bank official added.
Internet banking has grown rapidly in Greece following the government’s introduction of capital controls in June, to curb a bank run that threatened a to bring down the financial system and force Greece out of the euro. More than 200,000 new internet back accounts have been registered since then, to facilitate customers making domestic transactions.
“These attacks are extremely serious but we were able to boost security and add capacity with the help of local internet service providers,” said one senior Greek banker.
Paul Vlissidis, technical director at cyber security group NCC, said the Armada Collective, which has carried out several attacks in recent months, attempts to extort money from businesses that are vulnerable to attack.
“In effect, they say: ‘Give us bitcoin or we will take you off the internet’,” he explained. “They claim to be able to do significant amounts of damage.” He added that the level of ransom demanded by the group — often the equivalent of only a few thousand pounds — was “targeted at a level where there’s a temptation just to pay it and make it go away”.
Toymaker Vtech hit by cyber attack
Group’s Hong Kong-listed shares suspended after database of 5m customers and some children stolen
However, Mr Vlissidis said there was no way of proving that the new attackers are from the ‘Armada Collective’, or simply trying to imitate the group by using “a similar modus operandi”.
On Thursday, they demanded a ransom of 20,000 bitcoin from each of the three Greek banks, according to the central bank.
DDoS attacks are a rudimentary technique in internet terms, but can result in websites being offline for several hours — causing significant disruption to a bank or consumer business.
Several email providers have seen their services hit by hackers claiming to be from the Armada Collective group. In September, the Swiss government warned that the group was blackmailing local email providers.
ProtonMail, an encrypted email start-up set up by CERN researchers in Geneva, was hit earlier this month, while similar groups HushMail, VFEMail and RunBox were also targeted within days of the attacks.
Additional reporting by Ralph Atkins in Zurich