Cosmos Bank server hacking – Rs 78 crores withdrawn from ATMs in 28 countries in 2 hrs

Pune – During investigation it has been revealed that the cyber (malware) attack on Cosmos Bank ATM server originated in Canada and the accused persons had withdrawn Rs 78 crores within 2 hours from ATMs located in 28 countries.While addressing media at their registered office Cosmos Tower, on Ganeshkhind Road, Cosmos Bank chairman Milind Kale said, “No customer has lost any money. Its the bank’s loss. On 11th August 2018, we came to know about Malware attack on our Debit Card Payment System. It was observed that unusual repeated transactions were taking place through ATM VISA and Rupay Card for nearly about 2 hours. As soon as the suspicious transactions were reported, the Bank immediately shut down its VISA and Rupay Debit Card Payment System. The Core Banking System (CBS) of the Bank receives Debit Card payment requests via ‘Switching System’. During the Malware Attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system. It is observed that approx Rs.78 crores were withdrawn through various ATMs located in 28 countries. It includes around 12000 VISA card transactions. In the same way, approx Rs 2.50 crores were withdrawn through 2800 Debit Card transactions in India at various locations. The Bank has appointed a professional Forensic Agency to investigate the Malware Attack. The Investigation Agency will submit its report in next few days regarding the modus operandi of the Malware-attack and the exact amount involved therein. As it is a Malware Attack on the Switch which is operative for the payment gateway of VISA/ Rupay Debit card, and not on the Core Banking System of the Bank, the customers’ accounts and its balances are not at all affected. Every year the server and other systems of the Bank are inspected by RBI Audit and System Audit. Cosmos Bank is ensuring all the measures for data security and as such the security mechanism is fully operational in the Bank. None of the above fraudulent transaction is debited to any of the customer’s accounts and will not be debited in future too. The Savings, Term Deposits and Recurring accounts of the depositors are totally safe. The Bank has appealed to its customers to remain calm and not to panic and also to continue the faith and trust of the 112years old Bank.”As a precautionary measure, the bank has closed internet, mobile banking and ATM transaction for a few days. The customers have been sent messages also.Kale further said, “The hackers were careful in choosing Saturday for the malware attack. As it was a weekend holiday and we reconcile with VISA about the transactions in 2-7 days. We have been told that the attack originated in Canada.”A bank officer Suhas Subhash Gokhale has filed FIR with Chatushrungi police station, Pune city police, against unidentified persons and ALM Trading Limited, Hong Kong.The criminals had hacked the server on August 11 and transferred Rs 78 crores to accounts out of India. They have also transferred Rs 2.5 crores to accounts in different parts of the country. On August 13, they transferred Rs 13.92 crores to a bank account in Hong Kong.Police have booked the criminals for offences under sections 120B (criminal conspiracy), 379 (theft), 420 (cheating), 34 (common intention) of the Indian Penal Code and relevant sections of Information Technology (IT) Act.