vicesociety attacks Jammal Trust Bank

Incident Date:

March 28, 2022

World map



vicesociety attacks Jammal Trust Bank


Jammal Trust Bank




Beirut, Lebanon

Beirut, Lebanon

First Reported

March 28, 2022

Jammal Trust Bank Targeted by Vice Society Ransomware Group

Jammal Trust Bank, a Shiite-owned Lebanese bank established in 1963, recently fell victim to the Vice Society ransomware group. Despite having 25 branches across Lebanon and additional offices in Nigeria, the Ivory Coast, and the United Kingdom, the bank was compelled to shut down in 2019 following US sanctions for its role in "assisting in the financing of terrorism". The cyberattack by the Vice Society was disclosed on their dark web leak site, where they boasted about compromising the bank's website.

The Vice Society is notorious for its sophisticated approach, employing encryption to seize control of victims' files and demanding a ransom for the decryption keys. In certain cases, they also threaten to publish sensitive data if their demands are not satisfied. This group has orchestrated several notable cyber heists, including the infamous Bangladesh Bank Heist in 2016, which led to a loss of over $81 million.

The susceptibility of Jammal Trust Bank to such cyber threats can be traced back to its previous affiliations with Hizballah, a recognized terrorist organization. The US Department of the Treasury's Office of Foreign Assets Control (OFAC) had sanctioned the bank for its deliberate involvement in banking activities for Hizballah, potentially marking it as a prime target for cybercriminals looking to exploit these connections.

The full extent of the damage inflicted upon Jammal Trust Bank remains uncertain. However, this incident underscores the critical need for financial institutions to adopt comprehensive cybersecurity strategies. Drawing lessons from the Bangladesh Bank Heist, which was executed through a mix of social engineering, insider collusion, and malware, is vital for averting similar future attacks. Implementing measures such as two-factor authentication, conducting regular security audits, and providing cybersecurity training to employees are essential steps in fortifying defenses against cyber threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.