Eleven individuals have been convicted by a local court for their role in the malware attack on Pune-based Cosmos Cooperative Bank, resulting in the theft of Rs 94 crore.
This cyber attack was one of the largest against an Indian bank, where numerous cloned debit cards belonging to Cosmos Bank were utilized to conduct thousands of ATM transactions across India and 28 other countries within seven hours on August 11, 2018. Over Rs 78 crore was withdrawn via more than 12,000 ATM transactions outside India, and an additional 2,800 transactions worth Rs 2.5 crore were carried out in various locations within India.
A group of 11 individuals have been found guilty by a local court for their involvement in a major malware attack on Cosmos Cooperative Bank, a financial institution based in Pune, India. The cyber attack occurred on August 11, 2018, and involved cloned debit cards being used for thousands of ATM transactions in India and 28 other countries within seven hours.
The fraudulent activity led to around Rs 78 crore being withdrawn outside of India in over 12,000 ATM transactions, and another set of 2,800 transactions of Rs 2.5 crore made in various locations across the country. Furthermore, on August 13, 2018, Rs 13.92 crore was transferred to a Hong Kong-based entity through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) facility.
The police investigation found that Visa cards were used for the transactions outside India, while RuPay cards were used for the transactions within India. In total, Rs 94 crore was stolen, leading to a case being registered at the Chaturshringi police station under various sections of the Indian Penal Code and relevant sections of the Information Technology Act. During the investigation, the police arrested 18 individuals from various locations, but one accused died and 17 were imprisoned.
The police found that the majority of those arrested were involved in withdrawing money from different ATMs using cloned cards of Cosmos Bank, while the racketeers gave them a portion of the withdrawn money as commission. A Special Investigation Team (SIT) filed a chargesheet against nine accused in December 2018, and two supplementary chargesheets were later filed against nine more accused. On April 15, a magistrate court in Pune convicted 11 accused persons.
The convicted individuals were awarded simple imprisonment, with most of them given four years and seven months. Four other people are still wanted in the case, with three of them suspected to be in Dubai. Following the malware attack, the Pune City Police and Cosmos Bank were successful in recovering Rs 5.72 crore that the fraudsters had transferred to a bank in Hong Kong.