Ransomware Shuts Down a Big Bank In Chile

One of Chile’s three biggest banks shut down all its branches on 9-7, following an attack by the REvil ransomware gang. The gang’s MO includes a leak site where files from networks it breaches are published if the ransom isn’t paid. BancoEstado’s name was not on the site as of 9-8, indicating that the bank was still negotiating with the hackers. The breach originated with a malicious Office document received and opened by an employee, which installed a backdoor on the bank’s network. The document arrived on Friday and the hackers used the backdoor to access the network over the weekend. This is the second time hackers have targeted a Chilean bank. North Koreans deployed disk-wiping malware on the network of Banco de Chile in 2018. In 2019 they breached Redbanc, the company that interconnects the ATM infrastructure of all Chilean banks, during an attempt to orchestrate an ATM cash-out scheme.