An internet gang claims it used a distributed denial-of-service (DDoS) attack to interrupt services at the Lloyds Banking Group.
The group, which includes Lloyds Bank, Halifax Bank, and the Bank of Scotland, suffered a series of outages on 11-13 January 2017. During that time, customers experienced difficulty logging into their accounts. Some individuals subsequently took to social media to vent their frustration.
One frustrated customer addressed Lloyds Banking Group directly at the time via Twitter, as quoted by BBC News:
“Haven’t been able to access the site or app for over 36 hours now – is anything being done about this?”
The Register reports that Lloyds Banking had no idea what was causing the outages on the first day of the attack. On 12 January, it said services were returning to normal but it was unsure if that would continue.
The round of outages ended in the afternoon on 13 January.
As of this writing, the bank has yet to reveal what caused the service interruptions. A statement sent to Bloomberg reveals as much… or as little:
“We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. We will not speculate on the cause of these intermittent issues.”
But a pair of individuals claim to know what happened.
On 13 January, the duo reached out to Bleeping Computer.
One of them sent over a link to a Pastebin page containing an email. The email, which the actors claim they sent to Lloyds, explains how the duo found several flaws on the group’s website and that they demanded 100 BTC (approximately US $100,000) in payment as a “consultancy fee.” Otherwise, they would continue to interrupt the bank’s service.
Meanwhile, the second alleged attacker provided a demo illustrating that the pair were behind the outages. They also tweeted about their attacks against the group from a now-dormant Twitter account.
Lloyds has yet to comment on those materials.
Assuming what the pair said is true, by no means would this the first time a group of attackers held a bank (or its data) for ransom. Nor will it be the last.
With that said, the UK National Cyber Security Centre feels it is up to banks to defend themselves. As it told the Financial Times:
“The more information a company shares in a timely manner, the better we are able to support them and prevent others falling victim. But companies ultimately hold responsibility for their cyber security risks — and they should invest appropriately to ensure their networks are secure.”
Organizations can protect themselves against ransom-based attacks with a layered defense, which includes investing in DDoS mitigation technologies and encrypting customers’ sensitive financial information.
ah, more lazy hackers. they're so smart, they're stupid! lol
tor needs to be vaporized, like yesterday.
Soon, choosing a bank will not be about interest rates or how friendly the branch staff are, but how good its internet security is.
and, your point is?
If the world governments, banks and large companies had agreed to outlaw, prohibit and legislate againt Bitcolins and their use in any form from the outset which myself and
many others campaigned for – then there would be none of this holding to ransom.
And, I do know what I am talking about – I quickly became a victim of these evil-dooers
but I never paid them a smell of a Bitcoin.
so you pretty much don't know what you're doing when using a computer, right?
I suggest you watch a simple, explanatory film BaliRob – "Bitcoin: The End of Money As We Know It."
It's not as simple as legislating "against Bitcoins". Any financier, computer expert or market trader will tell you this.
The only reason people fall victims to ransomware is because they choose to make themselves and others a target by paying the ransom.
Proper security systems, anti-virus, firewall, encryption and backup plans are essential if you want to use a computer these days and NOT because of Bitcoin.
The internet is a dangerous place.