BancoEstado victim of ransomware: bank closed

Over the weekend a ransomware destroyed the computer systems of BancoEstado, one of the main banking institutions in Chile, forcing the block of part of the activities decided and announced yesterday. According to what has emerged so far, the responsibility seems to be attributable again to REvil (Sodinokibi).

Chile: REvil ransomware hits BancoEstado

The opening of a corrupt Office document by an employee, thus initiating the installation of a backdoor and consequently the infection of the network which apparently occurred on the night between Friday and Saturday. The discovery then occurred over the weekend when some employees reported an anomaly as they were unable to access their files.

For its part, BancoEstado immediately notified the Chilean authorities of the incident, as required by practice. The recovery operations may take longer than expected: all the internal servers of the institution and the collaborators' workstations have apparently been compromised. Fortunately, the preventive measures implemented seem to have worked at least in part, making it possible to keep the official website, the home banking portal, mobile applications and the infrastructure that manages the ATMs in the country safe. There are no risks for customer accounts.

Important information on the red of atención pic.twitter.com/CfFeb9tCzK

- BancoEstado (@BancoEstado) September 7, 2020