BancoEstado recognizes that cyber attack managed to extract information but it would be data that “is not significant” for the bank

There was no theft of the patrimony of the clients or the bank, but the cyberattack did manage to extract information from the entity. That was what the president of BancoEstado, Sebastián Sichel, said on Tuesday at a press point, but pointed out that these data “for now, for the bank, are not significant. That is why we have been able to lift the operation, and what can probably happen these days is that they try in some way to commercialize or sell this data ”.

Of course, he explained that they would be “non-personal data and programs, rather the bank’s operating systems.” In addition, he insisted that they have not received a request for rescue, and now they estimate that on Thursday they could have all the branches operational.

On the same Monday the bank had already filed a complaint against those who are responsible for computer sabotage. In the document, he reveals that it was on Saturday morning when a bank official reported “that when he opened his personal computer (PC), a message appeared in which he was told that his files had been encrypted and, at the same time, instructions had to be followed to proceed to decrypt them ”.

In this way, the security officer of the state company activated the protocols, and informed the cybersecurity management to begin the “security analysis of the internal platform; being told that a specific user had a problem with his e-mail, and it was diagnosed that it was a malware computer virus, from a workstation located at the Bandera N ° 60 branch in the Santiago commune. “

Thus, the forensic cybersecurity team made an analysis of the work station, “corresponding to patient zero,” the complaint states; this means, the first computer that was infected. The document says that the affected machine has the “name ‘VS2K8-CORREDOR3’, under the domain ‘ACTIVE’, belonging to Microsoft’s Exchange mail server”.

What does that mean? Gabriel Bergel, co-founder and CEO of 8.8 Computer Security Conference, explains that this means that it is a machine related to mail, that is, “it follows that the attack vector was mail, and confirms that a phishing or spear phishing would have been dealt with ”.

The complaint continues by stating that that same Saturday “the immediate action response protocols were activated, involving the disconnection of all network equipment and then an analysis of the corporate network traffic to find executable files associated with the virus, in order to to determine its consequences ”.

In parallel, the cyber defense team of the cybersecurity management “proceeded to analyze the traffic of the Firewalls, without finding malicious traffic.” While “the sub-management of technological risk, proceeded to inform the subsidiaries and reported the incident to the regulator (Commission for the Financial Market), specifically the detection of a malware in the bank, called PACKED.GENERIC.525, whose characteristic is infect computers with a malicious executable file ”.

The cybersecurity incident response team began to support “the bank’s various applications, prioritizing criticality from the point of view of customer security and business continuity.”

The complaint ends by saying that “so far no violation of our clients’ accounts or the bank’s assets has been detected, without this being able to be ruled out in the future.” In any case, it details that the containment measures taken “to prevent the impact of customers, caused the services of face-to-face channels to be affected, that is, the branch network, ServiEstado, the call center (intermittent), and site web companies (intermittent) ”.