State Bank Of Chile Shuts All Branches After REvil Ransomware Attack

By ISBuzz Team, Writer, Information Security Buzz | Sep 08, 2020 03:35 am PST

It has been reported that BancoEstado, one of Chile’s three biggest banks, was forced to shut down all branches yesterday following a ransomware attack that took place over the weekend. “Our branches will not be operational and will remain closed today,” the bank said in a statement published on its Twitter account on Monday. Details about the attack have not been made public, but a source close to the investigation told ZDNet that the bank’s internal network was infected with the REvil (Sodinokibi) ransomware. The incident is currently being investigated as having originated from a malicious Office document received and opened by an employee. The malicious Office file is believed to have installed a backdoor on the bank’s network. Investigators believe that on the night between Friday and Saturday, hackers used this backdoor to access the bank’s network and install ransomware.

4 Expert Comments
Tarik Saleh, Senior Security Engineer and Malware Researcher
InfoSec Expert
September 8, 2020 1:07 pm

It is easy to feel disheartened by the number of times we still see attacks take place because of a phishing email. The sad reality is that cybersecurity awareness training – while dramatically improving employees’ ability to spot a malicious message – doesn’t offer complete protection: there is always a chance that a particularly well-crafted scam will get through email filters and will trick even the more savvy of users.

In these circumstances, BancoEstado’s Incident Response team will have to deal with the fallout and try to minimise the consequences. BancoEstado should also be preparing for double-extortion ransomware, which exfiltrates your data before encrypting it. This essentially turns ransomware attacks into data breaches, too; it is entirely possible that this will be the next step that attackers will take to maximise their profits.

Jamie Akhtar, CEO and Co-founder
InfoSec Expert
September 8, 2020 1:04 pm

These are pretty classic conditions of a cyber attack. Unfortunately, employee error still contributes to the majority of breaches within organisations. As employees continue to work remotely, companies run the risk of exposing their corporate networks in a variety of new ways. That’s why it is critical that businesses educate their employees on safe remote working practices in the same way they established secure work environments in the office. Stopping the spread of ransomware as soon as it is detected is also crucial. If someone on the team suspects they may have been hacked, they should disconnect from the network immediately and inform the rest of the company to curb the spread.

Ransomware is a game of economics and incentives. By not protecting our systems, not backing up our files and giving in to paying ransoms, we increase the reward for the attackers and the general viability of these kinds of attacks. But if we all do our part in reducing incentives, we can develop a kind of digital herd immunity where criminals in future may no longer feel the attacks are worth the effort.

Dan Panesar, Director UK & Ireland
InfoSec Expert
September 8, 2020 11:45 am

Ransomware is particularly devastating as it’s easy to deploy and can be very effective. Cyber criminals will continue to target banks as they simply follow the money, with most of the attacks financially motivated. Unfortunately, there is no easy answer when it comes to stopping this type of attack. In today’s security landscape, even financial organisations and their security teams are outgunned by the attackers in terms of resources and skills. Security teams need to spend less time managing the systems, and more time addressing the threats posed by these sorts of attacks. One clear way to do this is by using user behavioural analytics to spot abnormal behaviour before it causes real problems, as in the Banco Estado case where an employee has unknowingly acted as the way in for the attackers. Secondly, using automation to allow the security team to focus only on the severe or real threats can further strengthen security posture. These can both help reduce the burden on security teams, bring better visibility and allow them to respond and react faster to attacks.

Javvad Malik, Security Awareness Advocate
InfoSec Leader
September 8, 2020 11:38 am

With ever-evolving ransomware, attacks against organisations across all sectors and sizes continue to have great impact. This is why it is increasingly important that organisations have a layered defensive strategy in place that can prevent an attack from being successful to begin with. In many cases, phishing is the primary root cause of infection, so email gateways should filter and block known malicious emails. Additionally, users need to be provided with timely and relevant security awareness training so that they are best placed to identify and report suspicious emails and be less likely to click on malicious links or open malicious attachments. If an attack is successful, then endpoint protection along with robust threat detection and response controls need to be in place to minimise impact and to recover quickly. With most organisations relying on digital infrastructure to support their businesses, it is vital that cybersecurity is not treated as an afterthought and a culture of security is built in from the beginning.

