Cyber gangs who speak Russian have a new target — banks in the U.S.

Watch our report here:




You’re not the only one taking cash out of the ATM. 

Money mules lined up at ATMs around the U.S., draining accounts past their overdraft limit — part of a new cyber theft scheme that stole almost $10 million dollars, according to cybersecurity company Group-IB.

A new Russian-speaking cyber gang called the Money Takers broke into bank computer networks in California, Wisconsin, Illinois, Missouri, Oklahoma, North Carolina, South Carolina and Florida in 2017, Group-IB’s report said.

The gang went after smaller banks with fewer defenses, reported ABC News .

Car thieves do the same, experts said.

“You don’t want to go after the car with the German shepherd in the back and bars on the window,” said cybersecurity researcher Cameron Camp with ESET. “You go after the one next to it with the window cracked in front.”


Example of an ATM. Thieves used ATMs to drain U.S. banks of cash, according to Group-IB. Image credit: Archer News


The Money Takers — named after one of the malware tools they used —  snuck into bank systems and put malware on machines, said Moscow-based Group-IB.

They took secret screenshots of bank employees’ screens and monitored what they typed on their keyboards.

They changed payment information so that they could channel money to other accounts.

Then the gang sent their cohorts to ATMs in the U.S. to wait for their payday, when the machines would spit out the illegal money.

One of their tricks, at least in the case of a bank they attacked in Russia — going in through the home computer of a bank administrator, the report said.

It can be easy to trick employees with fake phishing e-mails, experts said.

“If I have a bank organization now with 10,000 employees, and they all have e-mail addresses and they are all part of an internal corporate network, I have 10,000 vulnerabilities,” said Robert Knapp, CEO of CyberGhost.


Example of a phishing e-mail. Image credit: Group-IB


This is not the first time that cyber gangs like these have hit banks hard.

Cyber thieves from the Lurk gang in Russia were arrested in 2016 and 2017 for allegedly stealing millions from Russian banks.

Experts said Lurk’s sophisticated money attack was just the beginning.

“Indeed, it is and it’s a harbinger of things to come,” Camp told Archer News in November.

In all, the Money Takers gang hit 15 banks in the U.S., two in Russia and one in England, according to the report.

Each U.S. bank lost an average of $500,000.

You may not have lost any cash from your account, but experts say you may still ending up paying the bill for this kind of crime.

“The damage that is done is not done on a customer’s level. That means if your money is stolen, the bank usually replaces it,” Knapp told Archer News. “But at the end of the day, that is also what makes the banking process so expensive.”


See our first report on the notorious Russian cyber gang “Lurk”:




Main image: Example of an ATM. Image credit: Archer News