It has been reported according to a public statement that the branches will remain closed for at least one day but clarified that customers’ funds have not been affected by the incident.
Información importante sobre nuestra red de atención pic.twitter.com/CfFeb9tCzK — BancoEstado (@BancoEstado) September 7, 2020
However, by citing sources close to the investigation, ZDNet reported that the REvil ransomware gang is behind the attack, as it reportedly originated from an office document infected with the malware that an employee received and proceeded to open.
According to the report, the incident was reported to the Chilean authorities, who issued a cyber-security alert that warned about a massive ransomware campaign targeting the private sector in the country.
Chile just increased the cyber security alert. pic.twitter.com/3lcYYNK6zZ — Hagakure (@fortunateson71) September 6, 2020
Despite being spotted by IT experts at Banco Estado, they concluded that normal operations couldn’t take place on Monday by implying that the damage caused by the ransomware could be worse than expected.
At 12:57 p.m. ET on Monday, Banco Estado managed to re-establish 21 of its branches in the country with limited services for deposits and remittances but closed them again at 2:00 p.m. ET.
Ya contamos con 21 sucursales operativas a lo largo del país y atenderán hasta las 16hrs. En ellas puedes realizar trámites de caja, como depósitos y giros. Revísalas a continuación 👇🏽 pic.twitter.com/4e4ELXI5B9 — BancoEstado (@BancoEstado) September 7, 2020
Thus, REvil auctions data stolen in their attacks, listing it on their official’s dark web site, and often asking for Monero (XMR) as the method for collecting ransoms.