One of the three largest Chilean banks, BancoEstado, was forced to stop serving customers in all its branches – the bank’s computer systems were infected with a ransomware virus.
Due to the ransomware attack, the bank branches were closed on Monday 7 September. Although details of the attack were not disclosed, a ZDNet source reports that BancoEstado’s computer systems were infected with the REvil (Sodinokibi) virus. Apparently, the infection occurred after a bank employee received and launched an infected electronic document. After that, the program provided hackers with access to the bank’s network, and on the night of September 4-5, an attack was carried out on the organization’s infrastructure. Already on Saturday, bank employees could not get access to working files.
Note that initially the bank’s management hoped not to draw attention to the fact of infection. However, the attack affected a large number of computer systems, so management had to close the bank’s offices and issue an official statement on the matter. However, the internal networks and services of the bank were delimited, so the operation of ATMs, the bank’s website and mobile applications was not affected.
The hacker group REvil publishes the files of the victims if they do not receive a ransom. At the moment, there is no mention of BancoEstado on the hackers’ site. Most likely, the bank’s management either continues negotiations with the attackers, or has already paid the ransom. Recall that in July, hackers REvil hacked into the largest telecommunications company in Argentina Telecom and demanded payment of $ 7.5 million in XMR within 48 hours.