Hacking BancoEstado in Chile: data hijacking is not ruled out

Due to the unprecedented cybercrime events, the Chilean Government’s Computer Security Incident Response Team (CSIRT) issued an alert for possible threats to the computer security of private entities in the country, especially those in the financial sector.

BancoEstado, Chile’s state bank and the largest in terms of several users, suffered a cyberattack that negatively affected the operation of the web platform and forced the closure of all customer service offices nationwide. The relevant authorities investigating the case established that a ransomware attack was perpetrated, so they do not rule out that the user database is at risk.

During the afternoon of Sunday, September 6, BancoEstado reported through its Twitter account about the detection of malicious software that infected the operating systems of the entity.

Hacking BancoEstado in Chile

As a result of the attack, on Monday the bank was forced to close all its branches nationwide, while its online banking platform also presented failures. Other bank services such as the mobile application and the physical services of ATMs and CajaVecina did not present problems.

The Minister of the Interior and Public Security, Víctor Pérez, indicated that the attack on BancoEstado “should be a matter of special concern for everyone […] it was a very deep cyber-attack, through a virus that has penetrated the operational issue. According to the newspaper La Tercera, the chief of staff also added that it had been possible to avoid that “the accounts of the people of the State bank, which are not the accounts of the richest people in the country, but are of vast sectors of the middle class or vulnerable, were not transferred”.

For his part, the president of BancoEstado, Sebastián Sichel, communicated in response to the widespread fears of users that the entity is working to find the person responsible for the events. To which he also assured that there had been no “impact on customer funds or BancoEstado’s equity”; and added that the opening of branches would be done progressively.

According to information provided by the local media BioBio Chile, the reason behind the magnitude of the attack was related to the ransomware (data hijacking) techniques applied by hackers. The Interior Undersecretariat also confirmed the information in a report, which does not rule out that the attackers may have hijacked data from the system and proceed to request a ransom.

Possibility of Rescue in Bitcoin or another Cryptocurrency

After an analysis “from multiple sources”, Csistorgob reported that it had identified the Sodinokibi ransomware with the person responsible for the attack. In a statement, the security team explained that this cyber virus, which had been detected for the first time in a campaign in 2019, operates by exploiting vulnerabilities, collecting basic system data, and then encrypting the information.

In many cases, criminals often request a ransom in exchange for releasing the information, which is often requested in cryptocurrencies due to its private nature. A recent report highlights that Monero (XMR), a digital currency focused on anonymity, was preferred among the traders behind that ransomware after Bitcoin.

Meanwhile, in the face of the massive hacking against the renowned Chilean bank, various users went to the Twitter social network to highlight the decentralized nature of Bitcoin. “With Bitcoin, you are your bank and you take control of your savings,” wrote user Felipe Undugarra, while others referred to the financial independence that cryptocurrency offers.

By: Jenson Nuñez.