Bank customers extorted for ten percent of balances

The clientele of a privacy-focused bank in the tiny European country of Liechtenstein, Valartis Bank, received an email on Wednesday demanding that ten percent of their account balances be liquidated and sent to a hacker, via Bitcoin, by Wednesday, December 7.

Liechtenstein is a 62 square mile sovereign principality between Austria and Switzerland, and a well-known tax haven until 2009 when the bank secrecy regulation act swept across Europe. As a result, essentially all countries agreed to implement tax treaties that would facilitate the exchange of banking information. The tiny alpine country was one of four, including Switzerland, who fought to retain some measure of banking privacy.

“We’re not a tax haven, we’re a safe haven”

• Mario Gassner, CEO of Liechtenstein’s Financial Market Authority

Valartis Bank was founded in 1998 as Hypo Investment Bank, and is now a subsidiary of Citychamp Watch & Jewellery Ltd., Hong Kong, a luxury goods group listed on the Hong Kong stock exchange. The bank has nearly 100 employees since, and focuses on asset management, investment advice, and transaction banking on.

The fully licensed alpine bank depends on a high degree of privacy to attract high-net-worth clients. “Personal consultation, discretion and professional action are more than just slogans for us,” states Valartis Bank CEO Dr Andreas Insam. “The interests of our international private clients are the focus of our actions.”

According to the hacker, most of these clients are German. One of Germany’s largest newspapers, Bild, received a copy of the ransom email that states “unlike previous leaks of other banks, this data contains comprehensive information.”

“We have the entire payment and correspondence in several gigabytes of data Ideal proofs for criminal proceedings In the case of transparency, I have noticed some well-known names,” the email claims. “Among them are politicians, actors, and wealthy private individuals.”

The bank claims that data is processed with an internal computer system, stating “we do not use data centres.” The bank also claims to be the sixth largest in Liechtenstein, managing around 4 billion Swiss Francs (US$3.96 billion). If every client pays the 10 percent ransom, Valartis clients may need roughly 396 million dollars worth of bitcoin.

“The attacker did not obtain details of the account statement or asset data and possible affected customers have already been informed by the bank.”
— – Fong Chi Wah, Valartis Bank Board of Directors

Bitcoin has become the currency of choice for hackers and ransomware users in recent years, “Our research shows that this type of ransomware is collecting at least $15M in 2016 from a single family of Locky ransomware, from just one criminal group,” the Vice President of Blockchain Forensics company CipherTrace, Steve Ryan, told BraveNewCoin. “Total ransomware losses are estimated at $1B by the end of 2016.”

“Surely most customers will not actually pay the ransom, as there is no guarantee that the data won’t be released,” Ryan said. The attack “brings to the forefront the question of whether ransomer criminals can be trusted to not release data, even if they are paid.”

However, over 30 percent of large businesses polled in England are preemptively storing bitcoin in case of an attack, and the attacks are becoming more frequent. McAfee labs states that ransomware attacks have grown by 80 percent in 2016.

The San Francisco municipal subway system was recently hacked using ransomware, and held to ransom for 100 bitcoins. There have also been high profile attacks conducted against a few hospitals and police departments. Meanwhile, it is not known if ransomware was even used on Valartis bank. The most similar example of such a direct extortion for bitcoin was August 2015’s infamous Ashley Madison hack which demaneded one bitcoin from each individual user.

“If enough users do in fact pay the ransom, then those transactions can be traced using bitcoin forensics.  If the amounts are large enough, it may be possible to identify the bank accounts or bitcoin exchange accounts of the perpetrators.”

• Steve Ryan, VP CipherTrace