2016: Theft of nearly 2 billion rubles
In March 2016, Group-IB, a company that investigates cybercrime, published a report revealing that hackers had stolen nearly 2 billion rubles from Russian banks.
The cybercriminal group known as Buhtrap used a new virus, sending fake messages in the name of the Central Bank or its representatives. With its help, 13 break-ins into banking systems were carried out between August 2015 and February 2016, including at Metallinvestbank and the Russian International Bank.
The banks' total monetary losses from the attacks came to 1.8 billion rubles. The largest single theft in 2016 reached 600 million rubles, and the average damage per attacked bank was 143 million rubles. In January 2016, credit institutions managed to stop the theft of 1 billion rubles. At the same time, banks spend 28 times less on preventing attacks than they lose in average damage from a single hacker attack, the study says.
According to experts, the Buhtrap group has been active since October 2014, but the first attacks on financial institutions were recorded in August 2015. Before that, the hackers attacked only bank clients.
Unlike other hacker groups, Buhtrap is not interested in online money transfer systems, ATMs or payment gateways. The virus used by the criminals searches the infected computer for the Automated Working Station of the Central Bank Client application (AWS CBC, or the automated workplace of KBR, that is, the automated workplace of the client of the Bank of Russia). By infecting the KBR automated workplace, the hackers are able to forge legitimate payment orders, substituting the account details in them in place of those of the real recipients.[1]