Bank of China (Hong Kong) Ltd. and Bank of East Asia Ltd. said their websites were attacked by hackers over the weekend, Ming Pao Daily reported on Wednesday.
BEA said its website saw an abnormal surge in traffic last Saturday, which slowed down its online banking services.
Customer data and accounts were not affected by what investigators called a Distributed Denial of Service (DDoS) attack.
BOCHK also reported a DDoS attacked on its website on Saturday, but said its internal security system was able to protect customer data and accounts.
Police said preliminary investigation showed that the attacks came from several countries, and both banks received emails from attackers who demanded unspecified amounts of ransom to be paid in Bitcoins, otherwise they would attack again.
The two cases are being treated as extortion attempts and have been transferred to the police cyberspace security and technology crime division for further investigation, the newspaper said.
Leung Siu-chong, a senior consultant with the Hong Kong Computer Emergency Response Team Coordination Center, said the center handled 125 cases involving DDoS attacks last year.
This type of assault usually involves botnets, or internet-connected computers that take part in the raids without the knowledge of their owners, Leung said.
He said such attacks usually have little impact on online banking services, although online trading platforms are more vulnerable.
Hackers usually demand virtual currencies as ransom because they are hard to trace, Leung added.
– Contact us at [email protected]