Chilean bank Banco de Chile has suffered the main impact of the cyber attack that has resulted in thefts amounting to $10 million alongside a disk-wiping malware intrusion that sabotaged some 9,000 master boot records (MBRs) of computers and servers.
The attack reportedly took place on May 24th when Banco de Chile, the country’s biggest bank, reported sweeping system failures that impacted the computers across a number of branches. In-bank operations were rendered impossible with the bank chugging along with its online systems, local press reports.
While the bank refused to call it a security incident initially, a subsequent announcement on May 28th had Banco de Chile admit it had been struck by a “virus”. That virus has been understated, with the malware fundamentally crashing infected PCs and leaving them in a non-bootable state.
A screenshot of Instant Messenger conversations between bank employees reveals that the ‘virus’ – which draws parallels to the NotPetya ransomware that targets hard drives’ MBRs – crashed over 500 servers and a whopping 9,000 computers.
A security alert in the aftermath of the attack had one IT company identifying the virus under a variety of alias names. Some of the defined names including KillMBR and KillDisk, are disk-wiping malware that appears to be a form of ransomware. The malware fundamentally wipes out disks and destroys forensics data before posing a ransomware infection.
Banco de Chile said in a statement, roughly translated:
After an exhaustive investigation, it was determined that the origin of the detected fault was a virus, presumably from international networks, which directly affected Banco de Chile’s workstations, such as an inn in the offices and terminals of our executives and cashier personnel, among others, causing difficulties in branch service and telephone banking.
The attack comes in the heels of a similar cyber attack wherein Mexico’s central bank revealed hackers made away with $15 million after targeting Mexico’s domestic payments system, SPEI. The era of the online banking heist is truly upon us, after a foiled near billion-dollar hack from the central bank of Bangladesh from 2016 saw losses ‘restricted’ to $81 million.
Image credit: Wikimedia.