After compromising the personal information of approximately 90,000 customers at two Canadian banks, hackers demanded $1 million of XRP for the supposedly safe return of the data. While we’ve grown more accustomed to bitcoin-based ransoms, criminals may be attracted to the liquidity in the altcoin market and the lax KYC protocols on some of the international cryptocurrency exchanges that support them.
Earlier today, the Canadian Broadcasting Corporation[1] (CBC) reported that hackers stole information from account holders at Bank of Montreal and CIBC's Simplii Financial, two banking institutions. The theft included names, account numbers, passwords, security questions and answers, Social Insurance Numbers[2] (essentially, the Canadian equivalent of Social Security numbers), and account balances. For the victims, it's devastating to say the least.
After the hack, in a message from a Russian email address, the ostensible thieves demanded $1 million worth of XRP[3], a digital asset on the Ripple[4] Ledger. Otherwise, they threatened they would leak the stolen information online. The attackers offered proof of their hack by sharing information about a customer from each bank.
"These ... profile[s] will be leaked on fraud forum and fraud community as well as the 90,000 left if we don't get the payment before May 28 2018 11:59PM."
The ransom date has already expired and it's not apparent whether the hackers released the information, or whether the demand was for US or Canadian dollars. Presumably, they might have offered the data to the highest bidder somewhere on the dark web.
Note: Even if the hackers were paid off (which it seems Bank of Montreal and Simplii decided against), who's to say that the thieves would have deleted the stolen data? It's
