Sicoob Cooperative suffered a ransomware attack that leaked customer data

The Sicoob cooperative may be the latest victim of the RansomHub ransomware group, which has access to more than 1 TB of the Brazilian company’s data. Among the allegedly leaked files Non-Disclosure Agreements (AN-D), personal information of customers and employees, company data and financial statements.

Notification of the predicted The attack took place this Monday (24) and was carried out by the following accounts on social media: TMRansomMonitor. “Based on activity detected by the ThreatMon threat intelligence team. The ‘#Ransomhub’ ransomware group has added ‘http://sicoob.com.br’ among its victims,” ​​a post said.

?????? #Cyber ​​attack ??????

???? #Brazil: Sicoob, one of Brazil’s largest financial cooperatives with $11.2 billion in assets, has been listed as a victim by the RansomHub ransomware group.

It appears that hackers leaked 1TB of data:

– NDA documents
– personal… pic.twitter.com/4FPsKXBNU3

— HackManac (@H4ckManac) June 24, 2024

According to the X (formerly Twitter) profile @H4ckManac, Crime group added some of the stolen data to the post. However, it is not possible to ensure the accuracy of the information shared.

“Sicoob is the most dangerous bank to cooperate with in Brazil. We have been in the Sicoob network for a long time and managed to steal all the sensitive data of the bank,” the ransomware group claims.

What data could have been leaked from Sicoob?

RansomHub was recently discovered and operates using malware of the same name as the group. The first activities of cybercriminals date back to early 2024 and There are signs that they may be Russian.

They use a modus operandi Called Ramsomware as a Service (RaaS), they sell their malware to other cybercriminals.

Recent potential victims of RamsomHub include British auction house Christie’s and even Brazilian consultancy YKP.

???‍??? Ransomhub has released a new victim: https://t.co/krELbiVeiW

——————https://t.co/ogMwsh8UsK#ransomware pic.twitter.com/dxqIpU2Gzx

—Ransomware.live (@RansomwareLive) June 24, 2024

In the Sicoob case, allegedly leaked data:

• Confidentiality Agreements (AN-D);
• Personal information of customers and employees;
• Financial Data;
• Financial information of “miscellaneous companies”;
• Data from projects being developed in various departments of the company and the source code of its digital products;
• Database;
• Confidential financial statements.

According to the so-called examples (evidence that the hacker attack was carried out), Sicoob has “numerous” vulnerabilities in its networkThis made the action possible. The documents claim that “the entire customer balance of this bank can be stolen at any time.”

HE RansomHub requested that bank management contact them within 72 hours to claim stolen data. Otherwise, all data will be exposed and other bank structures will be attacked.

Other side

In a note sent TecMundoSicoob reported that he identified a “Cyber ​​incident that took place in the local environment of one of the cooperatives that make up the system”. The company said it contacted police and launched an investigation to determine the extent of the incident.

Also Sicoob’s note says: Financial information of all cooperatives “maintained its integrity” and that the company’s system continues to operate normally for customers.

Check out Sicoob’s full statement below:

Sicoob reported that it detected a cyber incident in the local environment of one of the cooperatives that make up the System. He immediately activated security protocols to investigate the incident and took the necessary measures to contain the situation and minimize the risks associated with the incident.

The institution immediately reported the situation to the competent authorities and initiated an investigation with the support of experts to determine the extent of the incident.

Information and financial movements of all cooperatives and Sicoob members are processed in a separate structure from those affected by the incident and their integrity is protected.

The Institution underlines that all cooperatives in the System continue their normal operation both through face-to-face service and digital channels.

Sicoob strengthens its commitment to information security and will continue to invest in measures to protect its systems and data. Additionally, it is committed to providing honesty and trust in all its services.