09-07-2020 , 08:55 PM
https://www.zdnet.com/article/chilean-ba...re-attack/
Chilean bank shuts down all branches following ransomware attack
All BancoEstado branches will remain closed on Monday, September 7, and possibly more days.
By Catalin Cimpanu for Zero Day | September 7, 2020 -- 16:31 GMT (09:31 PDT) | Topic: Security
BancoEstado, one of Chile's three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend.
"Our branches will not be operational and will remain closed today," the bank said in a statement published on its Twitter account on Monday.
Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank's internal network was infected with the REvil (Sodinokibi) ransomware.
The incident is currently being investigated as having originated from a malicious Office document received and opened by an employee. The malicious Office file is believed to have installed a backdoor on the bank's network.
Investigators believe that on the night between Friday and Saturday, hackers used this backdoor to access the bank's network and install ransomware.
Bank employees working weekend shifts discovered the attack when they couldn't access their work files on Saturday.
BancoEstado reported the incident to Chilean police, and on the same day, the Chilean government sent out a nationwide cyber-security alert warning about a ransomware campaign targeting the private sector.