{
	"id": "8a414fb5-3edb-4700-850e-9f8e98767249",
	"created_at": "2026-04-11T02:24:07.073314Z",
	"updated_at": "2026-04-11T02:24:15.576355Z",
	"deleted_at": null,
	"sha1_hash": "a4f74c55f5359b7588ac88acc87d71e0c9f81b42",
	"title": "\"Almost everything you have posted in your news article about this incident is a total crap\" -- BlackCat to Bangladeshi news outlets - DataBreaches.Net",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41223,
	"plain_text": "\"Almost everything you have posted in your news article about this\r\nincident is a total crap\" -- BlackCat to Bangladeshi news outlets -\r\nDataBreaches.Net\r\nPublished: 2023-07-07 · Archived: 2026-04-11 02:21:07 UTC\r\nOn June 23, using the greeting that Hive ransomware always used in emailing victims, AlphV wrote to the\r\nBangladesh Krishi Bank (BKB). Typos, grammar, and spelling as in the original:\r\nHello,Ladies and Gentlemen! This is ALPHV Ransomware Team.\r\nWe are here to inform you about data breach which took place at the\r\n“Bangladesh Krishi Bank” network on June 21th 2023. As a result of\r\nthis breach our team had downloaded over 170Gb of sensitive data\r\nfrom this network. Also we have encrypted all servers and data\r\nstored there. We have infiltrated your network and stayed there for\r\n12 days, it was enough to study your documentation and download\r\neverything was needed.\r\nHere is a quick scope of data we have downloaded:\r\n– financial data (accounts, statements, payments, taxes, etc)\r\n– employees data (emails, passports, labor papers, contracts, etc)\r\n– sql backups dated 6/19/2023\r\nYou should contact us as soon as possible if you want to keep this incident confidential, protect your\r\ndata and negate aftermath.  We are ready to help you with data recovery and also we can show you how\r\nto protect your network and store data properly, for a fee.\r\nYou can find our contacts at the “RECOVER-a5pyfnp-FILES.txt” file which we left on every pc or\r\ncontact us through this email.\r\nOur organisation is kindly offering you to start negotiation with us. Sooner we will get message from\r\nyou – less will be the price for your data!\r\nWe should inform you that if you will refuse to answer to us we will be forced to publish your data for\r\nfree download through our special website.\r\nHave a good day!\r\n! ! ! DO NOT TRY TO DECRYPT OR CHANGE ENCRYPTED FILES ON YOUR COMPUTERS, IT\r\nWILL COMPLETELY DESTROY THEM ! ! !\r\nOn July 6, they wrote to BKB again, with a large distribution list of executives at BKB included. The July 6 email\r\nrepeated a lot of the earlier communication but added:\r\nhttps://www.databreaches.net/almost-everything-you-have-posted-in-your-news-article-about-this-incident-is-a-total-crap-blackcat-to-bangladeshi-news-outlets/\r\nPage 1 of 3\n\nhttp://[redacted by DataBreaches]\r\ndon’t waste your time and stop the leak, contact us asap\r\nand:\r\nUnfortunatelly, for “Bangladesh Krishi Bank” top management, they\r\ndecided not to negotiate recovery of stolen data’s.\r\nWe have placed a strong backdoor tools within Krishi Bank’s network,\r\nso we can always return there and do whatever we want.\r\nIT-management of this bank does not have enough qualification and\r\nskills to protect their data.\r\n“All the contributors and investors who used to store their money at\r\nthe Bangladesh Krishi Bank should withdraw their money within 7 days\r\nafter this message being send, in case if they don’t want to lost\r\nall their money.” – this message will be send to all contacts and\r\nemails we will found in “Bangladesh Krishi Bank” documents, in case\r\nif “Bangladesh Krishi Bank” top-management will not contact us\r\nwithin 72 hours starting July 8th 2023.\r\nAn AlphV spokesperson confirmed to DataBreaches that BKB hadn’t contacted AlphV at all since their first June\r\n23 communication. But while the bank didn’t contact AlphV, they were giving statements to local media.  A June\r\n25 news story reported that the Bangladesh Agricultural Bank was in the hands of hackers. And on June 26,\r\nanother news story provided an update claiming that the server was recovered after 72 hours, but\r\nThe staff of the bank could not identify who is responsible for this hacking. It could not be confirmed\r\nwhether any information was leaked or not.\r\nThat seems a bit odd since AlphV’s very first email even announced who they were, but reporting in a Barta24\r\narticle went beyond “odd” to downright inaccurate:\r\nThe [Managing Director] of the bank gave this information to the media on Sunday (June 25) night.\r\nShawkat Ali Khan claimed that some hackers had taken control of the bank’s servers but could do no\r\nharm. All documents are intact. I have already taken full control.\r\n[…]\r\nWhen asked who hacked, he said, I have formed a committee to investigate the matter. When the\r\ncommittee’s inquiry report comes in hand, it will be clear who did it and how.\r\nBangladesh Bank Executive Director and Acting Spokesperson Zakir Hossain Chowdhury said, “There\r\nwas no hacking, I heard about Krishi Bank’s server being down.” But now it is normal. No problem.\r\nhttps://www.databreaches.net/almost-everything-you-have-posted-in-your-news-article-about-this-incident-is-a-total-crap-blackcat-to-bangladeshi-news-outlets/\r\nPage 2 of 3\n\nNo hacking? Are they serious? DataBreaches is not criticizing the news outlet, but it sounds like they were given\r\ninaccurate info by a bank spokesperson. Perhaps after they read AlphV’s site or this reporting, they will\r\nunderstand the discrepancy between what the bank has stated and what the attackers claim and have shown with\r\nproof of claims.\r\nIn any event, the local media coverage appears to have ticked off AlphV, who sent out another email today, but\r\nthis time to press:\r\nHello, Ladies and Gentlemen!\r\nThis is ALPHV Ransomware Team.\r\nWe want to share with you some information relating to Bangladesh Krishi Bank hack attack.\r\nAlmost everything you have posted in your news article about this incident is a total crap.\r\nThe email then continues with a repetition of AlphV’s claims about what they did and what they acquired and that\r\nthey have already started leaking some of the data.\r\nFinding no notice on its website or press release indexed in Google, DataBreaches reached out to the bank via\r\nemail with three primary questions:\r\nDoes Krishi Bank acknowledge that some personal/financial information of customers was accessed\r\nand exfiltrated in the attack?\r\nIs Krishi Bank notifying any customers or employees whose data has been accessed or exfiltrated?\r\nHow many customers had their personal information accessed or acquired?\r\nNo reply has been received as yet.\r\nSource: https://www.databreaches.net/almost-everything-you-have-posted-in-your-news-article-about-this-incident-is-a-total-crap-blackcat-to-bangladeshi-news-outlets/\r\nhttps://www.databreaches.net/almost-everything-you-have-posted-in-your-news-article-about-this-incident-is-a-total-crap-blackcat-to-bangladeshi-news-outlets/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.databreaches.net/almost-everything-you-have-posted-in-your-news-article-about-this-incident-is-a-total-crap-blackcat-to-bangladeshi-news-outlets/"
	],
	"report_names": [
		"almost-everything-you-have-posted-in-your-news-article-about-this-incident-is-a-total-crap-blackcat-to-bangladeshi-news-outlets"
	],
	"threat_actors": [],
	"ts_created_at": 1775874247,
	"ts_updated_at": 1775874255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a4f74c55f5359b7588ac88acc87d71e0c9f81b42.pdf",
		"text": "https://archive.orkl.eu/a4f74c55f5359b7588ac88acc87d71e0c9f81b42.txt",
		"img": "https://archive.orkl.eu/a4f74c55f5359b7588ac88acc87d71e0c9f81b42.jpg"
	}
}