The Bank of Zambia says it refused to pay ransom to a group known as Hive that was behind a cybersecurity breach that caused minimal damage to its systems last week.

Last week, the Central Bank disclosed that recent technical outages resulted from a cyberattack.

“All of our core systems are still up and running,” Greg Nsofu, information and communications technology director at the Bank of Zambia, told Journalists in Lusaka.

“The disruption, which affected some systems at the Bank such as the Bureau De Change Monitoring System and the Website, emanated from a suspected cybersecurity incident. We wish to advise that these systems have since been fully restored.”

“Not much sensitive data has actually been shipped out.”

Mr. Nsofu said, “So we pretty much told them where to get off,” confirming that it was someone affiliated with the bank who responded to Hive.

After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination).

While the Bank of Zambia did not disclose the details of the cyberattack, BleepingComputer learned that the attack was conducted by the Hive ransomware operation, which claimed to have encrypted the bank’s Network Attached Storage (NAS) device.

However, instead of paying the ransom, the bank representatives responded to the ransom negotiation by making fun of the hacker’s ’14m3-sk1llz.’

They then proceeded to post a link to a dick pic while stating, “suck this dick and stop locking bank networks thinking that you will monetize something, learn to monetize.”

BleepingComputer has contacted the Bank of Zambia with further questions about this incident but has not received a response.

15 COMMENTS

tikki May 19, 2022 At 1:30 pm

Was it hacked by PF puppets ?
Excuse me asking this I just feel they’ll go to any lengths to gain a buck or two

1
8
Kaizar Zulu May 19, 2022 At 1:41 pm

Tikki when do you ever hear about a central bank being hacked anywhere in the world? It is clear this is an inside job. Kalyalya and his criminal friends are behind this .

7
4
Zennia May 19, 2022 At 2:33 pm

Nasty & stupid. Which sensible hacker would hack a poor nation like Zambia??Pretty desperate eh! Don’t pay!

#plant a tree please.

4
2
general KANENE May 19, 2022 At 2:45 pm

FYI – A few examples, Just to HELP THOSE WHO LACK INFORMATION, but commenting by spewing rubbish and misinformation.
Mar 24, 2022 — The hacker collective Anonymous claims to have hacked the Central Bank of Russia and is threatening to release more than 35,000 files……
— The European Central Bank (ECB) had to shut down one of its websites after it was hacked ,,,,
Jun 29, 2021 — COPENHAGEN, June 29 (Reuters) – Denmark’s central bank was compromised in last year’s global SolarWinds hacking operation,,,,,
Jan 10, 2021 — New Zealand’s central bank says that one of its data systems has been breached by an unidentified hacker ……
Dec 12, 2021 — The Philippine central bank is monitoring a surge in complaints of hacked bank accounts

2
3
The Vulture May 19, 2022 At 4:09 pm

general KANENE has put this ignorant or just naive impostor @2 to shame. Criticizing and condemning every act by the UPND out of hatred for HH. You’ll never step back in the corridors of power again, not at least for the next ten (10) years that HH will rule this country.

1
Deja Vu May 19, 2022 At 4:19 pm

Just a layman’s observation. If you fail to pay ransom, the kidnappers usually kill the victim. Don’t crucify me, it’s just an observation.

3
2
Razor May 19, 2022 At 4:21 pm

How can a central bank which is supposed to have the highest security system and malware protection be hacked. This means people in BOZ tech staff were sleeping.

2
1
Chatter B May 19, 2022 At 4:36 pm

Refusing to pay should not equal being inappropriate and insulting! Perhaps BOZ could have acted smarter and led the hackers on to obtain more info which could then be shared with interpol leading to them being busted. Reading some of the language(insulting) attributed to BOZ, I have two conclusions;

1. the story is not entirely accurate
2. BOZ is overrun by chongololos and the IT dept should be re-organized! Sha!

4
Cha Cha Cha May 19, 2022 At 6:30 pm

Cybercrime is a serious global problem. they will hack anyone even individuals. please stay laert to this risk.

2
OlympusHasFallen May 20, 2022 At 3:00 am

Obviously, I am not reading this right. Who posted the picture BoZ or Hackers? As one involved with Red and Blue Team mobilization, I find this story cheap and childish. BoZ was attacked by a Script Kiddie not some seasoned hacker. The level and packaging of Ransomware has become so sophisticated to the degree that even tough tested agencies have been hacked and actually ended up paying the ransom. Aware from red teaming, let’s talk blue teaming. BoZ you urgently need to engage a third party to conduct vulnerability assessment and penetration test of your perimeter network and security. If not already ensure all sensitive information at rest, in use and in motion is encrypted with industry supported protocols like AES256. Leverage secure tunnels for information transfer and…

5
OlympusHasFallen May 20, 2022 At 3:01 am

avoid use of legacy authentication protocols. Examine all processes, technology and people. People are the weakest attack vector in any cyber breach, therefore, engage in a wide scale security awareness campaign with a focus on phishing emails, social engineering attacks, vishing, smishing, spear-phishing and whaling attacks. Add multifactor authentication (MFA) or passwordless authentication immediately.

5
Cyber Pro May 20, 2022 At 7:26 am

Cyber Crime is serious problem globally. We in Zambia do not realize it. We do not have adequate Laws on CYber Crime. In some countries it is legal requirement to report cyber attacks within 72 hour to some govt entity like ZICTA. The breached company also has to inform the owners of the data that has been breached. To make matters worse there not enough professionals to protect information and information systems globally.

I do not think there is even good cyber Security Awareness among the Zambian people. I believe there are a lot such attacks that go un reported.
I would commend the Bank of Zambia for having come out in the Open to communicate the attack. And i only hope the other businesses including commercial banks would take this as a timely warning that Cyber criminals mean…
Cyber Pro May 20, 2022 At 7:34 am

I am currently working on a public Cyber security Awareness campaign which will be rolled out in July 2020. It will cover the following topics
1. Phishing attacks
2. Removable media
3. Passwords and Authentication
4. Physical security
5. Mobile Device Security
6. Working Remotely
7. Public Wi-Fi Security
8. Cloud Security
9. Social Media Use
10. Internet and Email Use
11. Social Engineering
12. Security at Home
I will various companies will give me the support

1
Cyber Pro May 20, 2022 At 7:35 am

Cyber Security Awareness will be rolled out in July 2022 not 2020.

1
Wesley Derek May 26, 2022 At 8:27 am

I was thinking of what to tell my Parent about my University grade because I failed woefully not until I search for a solution and I saw a lot of testimony posts about this Hacker Wizard Web Recovery, I contact him and I explain my problem to him and he promise to help me change my grade so after he asks me some few questions and collected my details he asks me to message him after 6 hours so I did then he told me to go and check my grade in the school portal I was amazed at what I saw and I can proudly tell my parent about my grades, you can also contact him if you need such help, his work is swift and very affordable Contact Him Through Email: [email protected] or WhatsApp: +1 (917) 725-3296?)