SANTIAGO — BancoEstado, Chile’s only state-run commercial bank, suffered a cyberattack. The bank’s authorities said they found “malicious software.” Officials are investigating the incident, while clients’ funds were not affected.
Authorities from Chilean state-run lender BancoEstado reported that during the weekend a “malicious software” has been discovered in the bank’s systems. BancoEstado authorities and the government said a complaint with the Cybercrime Unit of the Investigative Police (PDI) has already been filed, emphasizing that so far neither customers’ funds nor the bank’s assets were affected. The legal action focuses on “IT sabotage.”
At first, the bank planned to open its branches and attend the public in a limited capacity. But then it determined that all offices would remain closed until the problem is solved. Around 2 p.m. on Monday, 21 branches opened.
BancoEstado has 13 million clients. In a statement, the bank said while some platforms could present interruptions, systems like ATMs and “Caja Vecina” branches where clients could pay their bills would be working. The bank also apologized for the interruptions.
Unprecedented Attack on BancoEstado
The entity had seen scamming and phishing attempts before, but according to news outlet Biobío, never an attack like this. Biobío cited sources claiming the attackers used the ransomware tactic. This was confirmed by the government’s cybersecurity unit (CSIRT). The ransomware technique involves encrypting IT systems and demanding money for decryption.
Although the investigation is ongoing, it is confirmed that the attack originated from a document received and opened by an employee, that most likely installed a backdoor. During the weekend employees realized that they could not access their files, and the alerts went off.
Bank president Sebastián Sichel said at a press conference that systems were shut down as soon as authorities noticed something was afoot. “The funds of 13 million people were not affected … what was affected were the systems of some of the bank’s computers, approximately 12,000,” he said.
Responses To The Attack
Banking association ABIF said in a statement that “the industry is monitoring and taking the necessary actions to prevent and mitigate the possible impacts associated with this event.”
According to ADN Radio, Interior Minister Víctor Pérez said that the attack had been serious, but “hard work was done over the weekend … so that the BancoEstado accounts – that do not belong to the richest people of the country – were not affected.”
Senator Felipe Harboe from the Party for Democracy (PPD) summoned BancoEstado executives to report the details to the Senate’s economic commission. “It is not acceptable for a public bank, a bank that depends on the government, to suffer an attack of this nature, putting at risk the security of public funds, public information and, particularly, its customers,” he told El Mostrador.