Banco Pichincha, the largest private bank in Ecuador, by capitalization and by the number of depositors, has been hit by a cyberattack that has disrupted its activity and taken the ATM and online banking website offline.
According to Wikipedia, the financial institution has 1.8 million customers in Ecuador, $4.5 billion in assets and $4 billion in deposits, as well as more than 200 branches in the country.
Banco Pichincha has a subsidiary in Peru (Banco Financiero Perú), one in Colombia (Banco Pichincha), and another in Panama (Banco Pichincha Panamá). It also has an agency in Miami, and eight representative offices in Spain.
What Happened?
The incident took place over the weekend, prompting the financial institution to halt parts of its network in order to prevent the attack from spreading to other systems.
Banco Pichincha was seriously affected by the system outage, with ATMs no longer functioning and online banking portals displaying maintenance notifications.
According to BleepingComputer, all Banco Pichincha employees have been informed via an internal notice that, due to a technological problem, bank apps, email, digital channels, and self-services will be unavailable.
What Did Banco Pichincha Say?
This week, the financial institution finally decided to make a statement concerning the incident, declaring that their operations shut down due to a cyberattack.
BleepingComputer translated the bank’s declaration into English:
In the last few hours, we have identified a cybersecurity incident in our computer systems that has partially disabled our services. We have taken immediate actions such as isolating the systems potentially affected from the rest of our network and have cybersecurity experts to assist in the investigation.
At the moment, our network of agencies, ATMs for cash withdrawals and payments with debit and credit cards are operational.
This technological incident did not affect the financial performance of the bank. We reiterate our commitment to safeguard the interests of our clients and restore normal care through our digital channels in the shortest possible time.
We call for calm to avoid generating congestion and to stay informed through the official channels of Banco Pichincha to avoid the spread of false rumors.
The good news is that clients can now access their online accounts, although the banking website is still displaying a maintenance notification.
The bad news is that the mobile app is still unavailable.
Was This a Ransomware Attack?
The company’s representatives didn’t say what type of attack hit it, but BleepingComputer found out that it was indeed a ransomware attack with hackers “installing a Cobalt Strike beacon on the network.”
Cobalt Strike is frequently employed by ransomware groups and other cybercriminals to obtain persistence and access to other systems on a network.
Not Its First Rodeo
A few months ago, the Hotarus Corp ransomware group attacked Banco Pichincha and claimed to have stolen internal data such as confidential ministry data, emails, employee information, and contracts.
At that time, the bank admitted the cyberattack and declared that one of their providers was breached.
We know that there was unauthorized access to the systems of a provider that provides marketing services for the Pichincha Miles program.
In relation to this information leak, and based on an extensive investigation, we have found no evidence of damage or access to the Bank’s systems and, therefore, the security of our clients’ financial resources is not compromised.