2 min read

Hackers steal $5 million from Ryanair's bank account


April 29, 2015

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Hackers steal $5 million from Ryanair's bank account

All of us dread the prospect of having our personal bank accounts hacked.

But imagine what it must be like for a company to have its business bank account plundered by hackers for millions of dollars?

According to reports, controversial budget airline Ryanair has fallen victim to hackers who managed to steal €4.6 million (almost US $5 million) via a fraudulent electronic transfer to a Chinese bank last week.

The Irish Times reports that Ryanair uses dollars to buy fuel for its fleet of Boeing 737 aircraft, and it is believed that these were the funds which the hackers were able to gain access too. Presumably large amounts of cash are spent purchasing fuel from such accounts, and that’s why no alarm was raised as 4.6 million was transferred from the account.

Whether, of course, large payments for fuel is often made via Chinese banks is information that I’m not privy too – but apparently that’s where at a least one bank transfer did end up going.

Who was behind the assault on Ryanair’s bank account is currently a matter of pure speculation. Just because a Chinese bank was involved does not necessarily mean that Chinese criminals were behind the attack.

Additionally, no details of how the hack was perpetrated have been made public, although in a statement the airline says that it has taken steps to prevent a reoccurrence:

“Ryanair confirms that it has investigated a fraudulent electronic transfer via a Chinese bank last week. The airline has been working with its banks and the relevant authorities and understands that the funds – less than $5 million – have now been frozen. The airline expects these funds to be repaid shortly, and has taken steps to ensure that this type of transfer cannot recur.”

Earlier this month, IBM security researchers published details of a criminal campaign dubbed “Dyre Wolf” that successfully stole more than $1 million from targeted businesses. In that campaign, hackers infected workers’ computers with malware and tricked them into ringing a live phone operator (working for the gang) who could socially engineer credentials and wire large sums of money out of the business’s account.

Although a fairly crude technique, it does successfully circumvent commonly-used defences such as two-factor authentication.

Of course, it’s not known if this was the technique used by the criminals who attacked Ryanair.

Personally I think it’s a shame that Ryanair hasn’t been able shed more light on the details of how the hack might have occurred, or what steps it might have taken to prevent it from happening again. After all, that would no doubt be information which could prove useful to other organisations which wish to protect themselves from similar criminal activity.

After all, if the airline has been able to fix the problem so quickly it would presumably be simple for other organisations to make sure that they were taking similar precautions or proactive steps to avoid falling to the same fate.

Ryanair became aware of the fraud on Friday, and Dublin’s Criminal Assets Bureau has been working with its counterparts in Asia to try to recover the money.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like