Chilean Bank Shuts Down All Branches Following Ransomware Attack

BancoEstado, one of Chile's three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend. From a report: "Our branches will not be operational and will remain closed today," the bank said in a statement published on its Twitter account on Monday. Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank's internal network was infected with the REvil (Sodinokibi) ransomware. The incident is currently being investigated as having originated from a malicious Office document received and opened by an employee. The malicious Office file is believed to have installed a backdoor on the bank's network.

Another one bites the dust ...

[gweihir]

Cheaper than possible security, because preparation costs money and the risk-managers involved are either incompetent or got overridden by "management".

Will be interesting to see how long they need to be up and running again. A large bank usually cannot survive longer than 3 or 4 days without working IT. Incidentally, makes them really bad ransomware-targets, because you cannot unlock their stuff in that short a time. Hence the attackers get nothing, but hugely piss off a lot of people. They should offer a $10M bounty and an amnesty to the person that reports the attackers first and provides enough information and evidence to get them arrested and tried. Come to think of it, $10M is probably on the low side considering the damage already done even if the bank survives.

Re:

[flyingfsck]

It is Chile, not the US or UK. The bank will carry on after a few days and the customers will grin/scowl and bear it.

Re:

[sjames]

Going back closer to the root, a DOCUMENT should be data, not code. There was a time when documents didn't carry a risk of running malicious code.

Re:

[gweihir]

Going back closer to the root, a DOCUMENT should be data, not code. There was a time when documents didn't carry a risk of running malicious code.

I completely agree. Very stupid "engineering" at work, done by idiots that cannot see that more features are not always desirable. MS is hugely guilty of this, but so is Adobe (for adding file access to PostScript) and many others.

BTW, this is usually called "executable code in non-executable containers".

DARWINISM

[Excelcia]

Anyone actually affected by ransomware is, to me, just pure Darwinism at work. The problem is, in this case it affects other people.

Ransomware should be exactly no different from a hard drive failure. You restore from last night's image, and you move on. The ground-zero computer you take more precautions with, in case it had been infected earlier, but even then you shouldn't have to go back more than a week. It's a thirty minute fix. With the proper and correct backup procedures in place, ransomware ju

Re:DARWINISM

[rmdingler]

If someone parked an unlocked Cadillac with gold plated bumpers in a slum, would you call those that strip it to the wheel nuts to blame, or the idiot who parked it there?

Except, in this case, the idiot (Bank of the State) who parked it there left the assets of millions of others (bank's customers) inside the Caddy.

There may be fewer banking choices in Chile than many realize: "Banco del Estado de Chile commercially operating under the brand BancoEstado, is the only Public Bank in Chile and was created by government decree in 1953."

Re:

[Joe_Dragon]

last night's image for an bank and lose peoples money?

Re:

[currently_awake]

You can't afford to lose any transactions on the bank database. If 10,000 customers deposited their paycheck in that time you'll go to jail for theft.

Re:

[discordia60605]

So last night's image plus replaying the append-only journal up to the point of corruption, then?

Re:

[bws111]

Nowhere does it say anything about any user accounts being affected. It specifically says the web site, mobile apps, and ATMs were working. So what was probably affected were 100s to 1000s of PCs used by tellers, officers, managers, etc at the branches. And while indeed it may be as simple as 'just restore last nights backup', when you have to do that on 1000s of PCs it takes time.

Do you want a bank run?

[nitehawk214]

This is how you get a bank run.

Re:

[Nidi62]

This is how you get a bank run.

Can't run on a bank if they're all closed.

What did they get

[jmccue]

Luckily, it appears the bank had done its job and properly segmented its internal network, which limited what the hackers could encrypt. The bank's website, banking portal, mobile apps, and ATMs were untouched

What did they encrypt ? Account info, loan records, Account/Customer information ? That does not seem too lucky to me. Seems to be the area that should be protected the most. Who gives a crap about the Website, Apps and Portal. It is the real data that is important.

Re:

[esperto]

Yeah, it is like they left a candle over a drawer that burned all their kids photos and documents but hey, the drapes are untouched!

Re:

[bws111]

The fact that the website, portal, mobile apps, and ATM were untouched would seem to indicate that the actual important stuff (accounts, etc) was untouched or nothing would be working. It just say branches were closed, so presumably the damaged stuff was the computers that the tellers, loan officers, etc use.

Microsoft Windows strikes again!

[minorityreport]

Going on the dearth of technicals, we can assume the malware didn't run on any of Apple, Android or Linux.