One of the largest Chilean banks, BancoEstado, was forced to suspend work at all of its branches this week due to a ransomware attack. Last weekend, the financial institution was attacked, most probably by the REvil ransomware operators. On Monday, representatives of the bank said on its official Twitter account that all branches would remain closed for an indefinite period.
“Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday.
ZDNet writes that the details of the attack have not yet been disclosed, but the journalists’ own sources close to the investigation report that the bank was hit by the well-known REvil ransomware (aka Sodinokibi).
Apparently, the incident occurred because one of the bank employees opened a malicious Office document received by mail. This malicious Office file is believed to have installed a backdoor on the bank’s network, and on Friday night, hackers exploited it and spread the ransomware across the financial institution’s network.
It is reported that initially the bank’s specialists expected to quickly cope with the attack, but the damage was more serious than they thought, since the ransomware encrypted the vast majority of internal servers and employees’ workstations.
“The bank initially disclosed the attack on Sunday, but as time went by, bank officials realized employees wouldn’t be able to work on Monday, and decided to keep branches closed, while they recover,” ZDNet journalists said.
Fortunately, it seems that the bank’s specialists correctly segmented the company’s internal network, and as a result, the attack did not affect the bank’s website, banking portal, mobile applications and ATMs, and customers are assured that their funds are completely safe.
BancoEstado has already notified Chilean police of the incident, and on the same day, the country’s government issued a nationwide warning about a ransomware campaign targeting the private sector.
Journalists note that the REvil website, which recently launched an auction service for selling stolen data, makes no mention of BancoEstado, which means that the bank has either already paid the ransom or is still negotiating with the attackers.
By the way, let me remind you that information security researchers believe REvil is a rebranding of GandCrab.