Ransomware claim on Venezuelan bank
The Qilin ransomware group claims it breached Venezuela’s Banco Nacional de Crédito and exposed personal data and client records, a disclosure that matters for SIU and cyber teams tracking third‑party breaches affecting financial and insurance ecosystems. The post emphasises the ongoing cyber threat vector from ransomware groups targeting sensitive customer information. (x.com)
A Venezuelan bank that advertises “rapidez y seguridad” in its online services is now being named on a ransomware leak site. On April 7, 2026, the Qilin ransomware group publicly claimed it breached Banco Nacional de Crédito, also known as BNC, and threatened to release stolen data. (dexpose.io) (ransomware.live)
BNC is not a small local credit union. Its public website presents it as Banco Nacional de Crédito C.A. Banco Universal, with consumer banking, business banking, cards, loans, trust services, foreign-currency operations, and digital banking through BNCNET 2.0. (bnc.com.ve) (d3q4nr72nuserl.cloudfront.net)
That is why a ransomware claim against a bank lands differently than a claim against, say, a manufacturer or a law firm. A bank holds identity documents, account records, payment histories, phone numbers, addresses, and internal files that can be reused for fraud long after the first headline fades. (bnc.com.ve) (mycert.org.my)
Qilin is one of the more active ransomware operations being tracked right now. Ransomware.live describes it as an active group first observed in July 2022, and says its operators use “double extortion,” which means they do not just lock files but also threaten to publish stolen data if a victim does not pay. (ransomware.live)
Cisco Talos says Qilin has used a mix of credential theft, lateral movement, and data exfiltration tools in real intrusions. In Talos’s cases, the group abused legitimate software such as Cyberduck, used PsExec to spread, and ran different encryptors for hosts and network shares. (blog.talosintelligence.com)
In this BNC case, the public evidence is still a claim, not a full independently verified incident report. DeXpose says Qilin posted the bank on April 7 and threatened to release sensitive data unless negotiations began, while automated trackers such as RedPacket Security and Ransom-DB also recorded the listing. (dexpose.io) (redpacketsecurity.com) (ransom-db.com)
There is also a recent local report suggesting this may not be the first time BNC has faced pressure from the same group. CriptoNoticias reported on April 8, 2026, that Qilin had targeted the bank before in 2025 and had previously demanded an $8 million ransom tied to encrypted data. (criptonoticias.com)
BNC’s own public-facing materials show why customer records would be valuable to criminals even without direct account access. The bank’s forms, onboarding flows, and digital channels rely on identity verification, card data, account servicing, and online banking credentials, which are exactly the kinds of details that can be repackaged into phishing, account takeover attempts, and synthetic identity fraud. (bnc.com.ve) (d3q4nr72nuserl.cloudfront.net)
That spillover is why this story is not just a bank story. Special investigation units in insurance, fraud teams, and third-party cyber risk teams watch these posts because leaked bank data can turn up later in claims fraud, business email compromise, social engineering, mule account recruitment, and identity disputes across other sectors. (mycert.org.my) (blog.qualys.com)
The regional backdrop makes the claim more plausible, even before full confirmation. Venezuela’s banking sector has been warning customers about cybercrime and impersonation campaigns, and the country’s banking association recently backed a joint anti-cybercrime awareness effort aimed at protecting user data. (bncenlinea.com) (eldiario.com)
The timing also fits a broader surge in ransomware activity. Ransom-DB said it logged 858 ransomware incidents in the 30 days ending April 3, 2026, and highlighted Qilin’s intrusion into Banco Nacional de Crédito as part of a week in which critical infrastructure and financial targets remained under pressure. (ransom-db.com 1) (ransom-db.com 2)
What is missing right now is just as important as what has been posted. I did not find, as of April 9, 2026, a public incident statement from BNC on its main website confirming the breach, describing affected systems, naming the data involved, or telling customers what protective steps to take. (bnc.com.ve)
So the cleanest reading today is this: a known ransomware group has publicly named a real Venezuelan bank, multiple threat-tracking sites have logged that disclosure, and the bank’s business model means any theft of customer records could have effects far beyond one institution. Until BNC or a regulator publishes a formal notice, the claim should be treated as credible but not fully verified. (ransomware.live) (dexpose.io) (bnc.com.ve)