Chile’s BancoEstado falls victim to ransomware attack
BancoEstado, one of Chile’s largest banks, shut down all its branches on Monday after it fell victim to a ransomware attack at the weekend.
Responsible for the financial activities of the Chilean government, BancoEstado is managed by the country’s general treasury.
It is the largest mortgage lender and the largest issuer of debit cards in Chile.
The attack
The attack was first reported by ZDNet. The bank issued a statement via its Twitter account on Monday confirming the branch closures.
“Our branches will not be operational and will remain closed today,” it tweeted, having already disclosed the attack on Sunday.
Sources told ZDNet that criminal cybergang REvil infected the bank’s internal network with its ransomware.
The ransomware originated from a malicious Office document opened by a BancoEstado employee. This document, once opened, installed a backdoor in the bank’s network.
Investigators think hackers used this backdoor to access the bank’s network and install ransomware.
On Saturday the bank’s employees were unable to open their work files.
How far the attack reached
ZDNet sources say the ransomware has encrypted “the vast majority of internal servers and employee workstations”, pointing to significant disruption.
But the bank had separated out its internal network. This meant the bank’s website, banking portal, mobile apps, and ATMs went unscathed in the attack.
BancoEstado reported the attack to Chilean police, which prompted the Chilean government to issue a nationwide cyber-security alert to the country’s private sector.
REvil operates a leak site, where it publishes documents from an attack until a victim pays up. It is still unclear whether the bank has paid the ransom demand or is still negotiating with the hackers.
Not the first time for Chile
In recent years, Chile has experienced two other major cybersecurity attacks.
In June 2018, Banco de Chile suffered a disk-wiping malware attack. The hackers used this attack to distract staff while they attempted to steal money via the bank’s SWIFT cross-border payments system.
Redbanc, a company which joins up the ATM infrastructure for Chile’s banks, fell victim to an attack by the same hackers in 2019.
A LinkedIn ad lured a Redbanc employee into a job interview. The interviewers asked him to download, install, and run a malicious file for “recruitment purposes”.