{"id":80061,"date":"2017-10-12T14:34:23","date_gmt":"2017-10-12T21:34:23","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=80061"},"modified":"2025-06-05T19:40:17","modified_gmt":"2025-06-06T02:40:17","slug":"taiwan-bank-heist-role-pseudo-ransomware","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/","title":{"rendered":"Taiwan Bank Heist and the Role of Pseudo Ransomware"},"content":{"rendered":"<p><a href=\"https:\/\/www.finextra.com\/newsarticle\/31174\/taiwans-far-eastern-international-bank-suffers-malware-attack\" target=\"_blank\" rel=\"noopener\">Widespread reports<\/a> claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States. <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2017-10-12\/sri-lanka-makes-arrests-in-60-million-taiwanese-bank-cyberheist\" target=\"_blank\" rel=\"noopener\">Recent reports<\/a> from Sri Lanka say that two individuals <a href=\"https:\/\/www.reuters.com\/article\/us-sri-lanka-moneylaundering-arrests\/sri-lanka-arrests-two-over-hacking-of-taiwan-bank-accounts-idUSKBN1CE2FK\" target=\"_blank\" rel=\"noopener\">have been arrested<\/a> for suspected money laundering after a tip-off from the Bank of Ceylon, which reported a suspicious transfer of $1.2 million from the Far Eastern International Bank.<\/p>\n<p>On Saturday October 7, Far Eastern International Bank reported that it had recovered most of the money and that overall losses could reach $500,000.<\/p>\n<h2>How did the attack happen?<\/h2>\n<p>Based on the initial intelligence we have received, the first direct interaction with the victim began with spear phishing attacks that contained \u201cbackdoor\u201d attachments.<\/p>\n<p>Figures 1 and 2 provide some examples of the attachments.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-80064 size-medium\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png\" alt=\"\" width=\"300\" height=\"193\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-768x494.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-1024x658.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-778x500.png 778w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1.png 1444w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><em>Figure 1: Spear phishing attachment.<\/em><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-80065 size-medium\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-2-300x152.png\" alt=\"\" width=\"300\" height=\"152\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-2-300x152.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-2-768x390.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-2-1024x520.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-2-984x500.png 984w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-2.png 1570w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><em>Figure 2: Spear phishing attachment.<\/em><\/p>\n<p>When the victim clicks on the link, they are redirected to a malicious site that downloads additional files to the victim\u2019s computer. One example of these malicious sites is hxxps:\/\/jobsbankbd.com\/maliciousfilename.exe.<\/p>\n<p>This site hosts another backdoor that gives the criminals access to the victim\u2019s system in the bank.<\/p>\n<p>Once the criminals gain access to the systems, our initial analysis reveals that the attackers harvested credentials. This was confirmed by evidence we found in a sample that contained the following credentials from the bank:<\/p>\n<ul>\n<li>FEIB\\SPUSER14<\/li>\n<li>FEIB\\scomadmin<\/li>\n<\/ul>\n<p>These credentials are used to create a scheduled task on the system and monitor the running of endpoint security services. (This does not indicate a problem with the security software, only that the attackers did their research and took measures to take out the security software being run within the bank.) We have notified the security provider, and have provided all of our research to date.<\/p>\n<p>Besides the scheduled task and credentials, we discovered another interesting piece of code. Inside the sample was the resource \u201cIMAGE,\u201d which seemed to be a zip file. Once extracted, we found the file aa.txt. Although this appeared to be a text file, it was really an executable.<\/p>\n<p>The file contains code that scans for the installed languages, especially:<\/p>\n<ul>\n<li>419 (Russian)<\/li>\n<li>422 (Ukrainian)<\/li>\n<li>423 (Belarusian)<\/li>\n<\/ul>\n<p>If these languages are detected, the file will not run. We have seen this behavior before in ransomware families.<\/p>\n<p>When analyzing the strings of this particular file, we discovered some interesting ones:<\/p>\n<ul>\n<li>HERMES 2.1 TEST BUILD, press ok<\/li>\n<li>HERMES<\/li>\n<\/ul>\n<p>When executed, the file proved to be ransomware. However, no note or wallpaper indicated that this was ransomware. After the file finished running, only one thing appeared on the desktop:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-80066 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-3.png\" alt=\"\" width=\"330\" height=\"304\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-3.png 330w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-3-300x276.png 300w\" sizes=\"auto, (max-width: 330px) 100vw, 330px\" \/><\/a><\/p>\n<p><em>Figure 3: The final screen of this pseudo ransomware.<\/em><\/p>\n<p>And in every directory a file:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-80067 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-4.png\" alt=\"\" width=\"962\" height=\"42\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-4.png 962w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-4-300x13.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-4-768x34.png 768w\" sizes=\"auto, (max-width: 962px) 100vw, 962px\" \/><\/a><\/p>\n<p>The original Hermes ransomware note points toward this file; but in our case, we saw no note, nor demand for ransom. The Hermes ransomware family surfaced in February:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-80068 \" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-5.png\" alt=\"\" width=\"990\" height=\"481\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-5.png 1968w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-5-300x146.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-5-768x373.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-5-1024x497.png 1024w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-5-1029x500.png 1029w\" sizes=\"auto, (max-width: 990px) 100vw, 990px\" \/><\/a><\/p>\n<p>We suspect that this is another example of pseudo ransomware. Was the ransomware used to distract the real purpose of this attack? We strongly believe so.<\/p>\n<p>Based on our sources, the ransomware attack started in the network when the unauthorized payments were being sent.<\/p>\n<h2>Where next?<\/h2>\n<p>Clearly this was a very carefully crafted attack, and specifically targeted at one bank. The attackers identified specific individuals to email, and understood the security measures being deployed. Although the samples we identified are now covered by our security products, we urge caution in anyone assuming that \u201cI am protected.\u201d The criminals took their time to understand how the bank works and developed the necessary code to enable them to steal millions. An effective security posture must anticipate such highly skilled attackers.<\/p>\n<p>Because this is related an active law enforcement investigation,\u00a0we are limiting what information we publicly share and will publish further updates only if that does not conflict with a current investigation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.<\/p>\n","protected":false},"author":653,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[76,4185,4549],"coauthors":[3576,1359],"class_list":["post-80061","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybercrime","tag-phishing","tag-ransomware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Taiwan Bank Heist and the Role of Pseudo Ransomware | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Taiwan Bank Heist and the Role of Pseudo Ransomware | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-12T21:34:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-06T02:40:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1444\" \/>\n\t<meta property=\"og:image:height\" content=\"928\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christiaan Beek, Raj Samani\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChristiaanBeek\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christiaan Beek, Raj Samani\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/\"},\"author\":{\"name\":\"Christiaan Beek\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\"},\"headline\":\"Taiwan Bank Heist and the Role of Pseudo Ransomware\",\"datePublished\":\"2017-10-12T21:34:23+00:00\",\"dateModified\":\"2025-06-06T02:40:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/\"},\"wordCount\":646,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png\",\"keywords\":[\"cybercrime\",\"Phishing\",\"ransomware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/\",\"name\":\"Taiwan Bank Heist and the Role of Pseudo Ransomware | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png\",\"datePublished\":\"2017-10-12T21:34:23+00:00\",\"dateModified\":\"2025-06-06T02:40:17+00:00\",\"description\":\"Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Taiwan Bank Heist and the Role of Pseudo Ransomware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79\",\"name\":\"Christiaan Beek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png\",\"caption\":\"Christiaan Beek\"},\"description\":\"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \\\"Hacking Exposed\\\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/christiaanbeek\/\",\"https:\/\/x.com\/ChristiaanBeek\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Taiwan Bank Heist and the Role of Pseudo Ransomware | McAfee Blog","description":"Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Taiwan Bank Heist and the Role of Pseudo Ransomware | McAfee Blog","og_description":"Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-10-12T21:34:23+00:00","article_modified_time":"2025-06-06T02:40:17+00:00","og_image":[{"width":1444,"height":928,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1.png","type":"image\/png"}],"author":"Christiaan Beek, Raj Samani","twitter_card":"summary_large_image","twitter_creator":"@ChristiaanBeek","twitter_site":"@McAfee","twitter_misc":{"Written by":"Christiaan Beek, Raj Samani","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/"},"author":{"name":"Christiaan Beek","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79"},"headline":"Taiwan Bank Heist and the Role of Pseudo Ransomware","datePublished":"2017-10-12T21:34:23+00:00","dateModified":"2025-06-06T02:40:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/"},"wordCount":646,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png","keywords":["cybercrime","Phishing","ransomware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/","name":"Taiwan Bank Heist and the Role of Pseudo Ransomware | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png","datePublished":"2017-10-12T21:34:23+00:00","dateModified":"2025-06-06T02:40:17+00:00","description":"Widespread reports claim the Far Eastern International Bank in Taiwan has become a victim of hacking. The attacks demonstrate the global nature of cybercrime, with the cybercriminals attempting to wire US$60 million to destinations such as Sri Lanka, Cambodia, and the United States.","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/20171012-Taiwan-heist-1-300x193.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/taiwan-bank-heist-role-pseudo-ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Taiwan Bank Heist and the Role of Pseudo Ransomware"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/b5594548f9e30297ea54990aff356e79","name":"Christiaan Beek","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/09179574bcf76b6304ed08e621f59379","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/2-96x96.png","caption":"Christiaan Beek"},"description":"Christiaan Beek is the Lead Scientist &amp; Sr. Principal Engineer of the Enterprise Office of the CTO. He is leading the strategic threat intelligence research with a focus on inventing new technology, research techniques and models. Visionary and serving leadership is at the core of his day-to-day job, getting the best out of people and collaborate to make the (cyber) world safer and a better place. In previous roles, Beek was Director of Threat Intelligence in McAfee Labs and Director of Incident Response and Forensics at Foundstone, McAfee\u2019s forensic services arm. At Foundstone, he led a team of forensic specialists in Europe, the Middle East, and Africa during major breaches. Beek develops threat intelligence strategy, designs and envision threat intelligence systems and new research techniques. Christiaan speaks regularly at conferences, including BlackHat, RSA, BlueHat and Botconf. Besides contributed to the best-selling security book \"Hacking Exposed\", he wrote a comic book about Ransomware, is a contributor to the MITRE ATT&amp;CK framework and holds multiple patents.","sameAs":["https:\/\/www.linkedin.com\/in\/christiaanbeek\/","https:\/\/x.com\/ChristiaanBeek"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/christiaan-beek\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/80061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/653"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=80061"}],"version-history":[{"count":4,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/80061\/revisions"}],"predecessor-version":[{"id":215164,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/80061\/revisions\/215164"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=80061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=80061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=80061"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=80061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}