They Stole $10 Million from Utah Banks. Was It Your Money?

MoneyTaker is a hacking group that stole $10 million from banks in Utah and California. The worst part? It’s been happening for more than a year, and no one has noticed until now. Sounds like banks need to beef up their cyber security! Was your money stolen? Find out here!

It’s Simple, Really: MoneyTaker Takes Money

Cyber security is one of the biggest industries in the world, because cyber crime is one of the biggest industries, too. And no one is safe from cyber attacks. A series of thefts from banks in Utah, California, and New York left hackers $10 million dollars richer. This has been going on for the past 18 months. How did we just now find out?

The hacking group, called MoneyTaker, may be based in Russia or connected to other groups there. Most banks were located in the U.S., but some were in Russia and took big hits amongst the funds stolen. Group-IB, a private cyber security intelligence group, reported on the situation. Here is what they said about the hack.

“The cell remained undetected by using so-called fileless malware that only exists on a computer’s temporary memory and destroys itself when the system reboots, meaning it’s not permanently stored and therefore can more easily evade anti-virus programs.” (

They also generated false encryption certificates using big names like Bank of America, Microsoft Corp., the Federal Reserve, and others. They used these to cover their tracks, and lead investigators off their trail. The hackers robbed banks located in the U.S. by gaining access to their card-processing systems.

How They Did It

The MoneyTaker would open a few accounts at a bank, and then, using their exploit, remove the limits from their credit cards. They would then use “mules” to go use the cards at ATMs to withdraw large sums of cash. They would remove their malware and accounts from the system stealthily and supposedly leave no trace. In fact, they were so stealthy that a few of the banks were even robbed twice using this exact same method.

(A mule is a courier, often for money or drugs. In this context it is probably a person hired by the hacker group to be the physical presence in the US and withdraw the money.)

According to, MoneyTaker group targeted smaller banks with limited resources, ones they felt would have less cyber security. This leads to the question: can you trust small banks to have adequate cyber security? If this story proves anything, it’s that the smaller businesses are the most targeted because, generally, they are easier targets.

If you are a small business, take this as a warning. Don’t think hackers aren’t aware of your business and don’t think you aren’t affected by hackers, ransomware, and more, just because you are small. Cyber security is something that everyone needs, no excuses! If you are ready to protect your company (or upgrade your protection),  check out the Fibernet cyber security services here!