Banco Pichincha: Ecuador's Largest Bank Hit by a Cyber Attack

 

Banco Pichincha, Ecuador's biggest private bank by capitalization and depositors, has been struck by a cyberattack that has crippled its operations and left its ATMs and online banking website unavailable to users.

The intrusion happened over the weekend, and the bank had to lock down parts of its network to prevent the attack from spreading to other systems. The bank's systems have been taken down, causing considerable inconvenience, with ATMs no longer functioning and service notifications appearing on internet banking websites. 

The bank has 1.8 million customers, $4.5 billion in assets, and $4 billion in deposits, along with over 200 offices. Banco Pichincha has subsidiaries in Peru (Banco Financiero Perú), Colombia (Banco Pichincha) and Panama (Banco Pichincha Panamá). It also has a representative office in Miami and eight in Spain, comprising two each in Madrid, Barcelona, Murcia, and Comunidad Valenciana.

In an internal notification addressed to the bank's departments, employees were informed that bank applications, email, digital channels, and self-services would be unavailable due to a technological issue. As per the internal memo, self-service customers should be guided to bank teller windows for assistance during the downtime.

Banco Pichincha published a statement on Tuesday afternoon following two days of silence over the bank's technological troubles, acknowledging that their systems were disrupted by a cyberattack. 

The statement read: "In the last few hours, we have identified a cybersecurity incident in our computer systems that has partially disabled our services. We have taken immediate actions such as isolating the systems potentially affected from the rest of our network and have cybersecurity experts assist in the investigation.

At the moment, our network of agencies, ATMs for cash withdrawals and payments with debit and credit cards are operational. 

This technological incident did not affect the financial performance of the bank. We reiterate our commitment to safeguard the interests of our clients and restore normal care through our digital channels in the shortest possible time. 

We call for calm to avoid generating congestion and to stay informed through the official channels of Banco Pichincha to avoid the spread of false rumors." - Banco Pichincha. 

Although the origin of the attack has not been revealed to the public by the bank, according to insiders in the cybersecurity field, the hack is a ransomware attack, with the attackers placing a Cobalt Strike beacon on the network.

Cobalt Strike is often used by ransomware gangs as well as other threat actors to obtain persistence and access to additional systems on a network.

RansomEXX Ransomware Hits Ecuador’s State-Run CNT Telco

 

Ecuador's state-run Corporación Nacional de Telecomunicación (CNT) suffered a massive ransomware attack causing havoc in the business operations, the payment gateway, and the company's customer support portal.

CNT is a state-run telecommunications carrier that provides fixed-line phone service, mobile, satellite TV, and internet connectivity. Following the attack, CNT displayed an alert on its website warning that it had suffered a ransomware attack and that customer support and online payment were no longer accessible.
 
"The National Telecommunications Corporation, CNT EP, filed a protest to the State Attorney General's Office regarding the ransomware attacks on the company's computer systems. The initial investigation is going on, and the person behind this incident will be held responsible," read the alert notification translated into English.

"This attack affected the care processes in our Integrated Service Centers and Contact Center; in this regard, we indicate to our users that their services will not be suspended for non-payment. We must inform our clients, massive and corporate, that their data is duly protected. We also inform that services such as calls, internet and television, operate normally," the company further added.

CNT has not revealed any details regarding the attack timeline yet, but BleepingComputer reported that the attack was organized by a ransomware operation called RansomEXX. The gang claims to have stolen 190 GB of data and shared screenshots of some of the documents on a hidden data leak page. These pages are only accessible via links hidden in ransom notes.

The RansomEXX gang is responsible for numerous high-profile attacks, including Brazil's Rio Grande do Sul court system, Texas Department of Transportation (TxDOT), Konica Minolta, IPG Photonics, nuclear weapons contractor Sol Oriens, and JBS, the world's largest meat producer. 

The ransomware gang first started operating under the name Defray in 2018 but became more active in June 2020 when it changed its name to RansomEXX and began to target big organizations. Like other ransomware gangs, RansomEXX will compromise a network via purchased credentials, brute-forced RDP servers, or by utilizing exploits.

Once the attackers secure access to a network, they will silently spread throughout the network while stealing unencrypted files to be used for extortion attempts. After gaining access to an administrator password, they deploy the ransomware on the network and encrypt all of its devices.