Ecuador’s largest private bank, Banco Pichincha, suffered a cyberattack that disrupted operations and took its ATMs and online banking portal offline.
The cyberattack occurred over the weekend, forcing the bank to shut down parts of its network to prevent the attack from spreading to other systems.
The systems shutdown caused widespread disruption for the bank, with ATMs no longer functioning and online banking portals showing maintenance messages.
In an internal notification sent to the Bank’s branches and seen by TechToSee, employees are informed that banking apps, emails, digital channels and self-services will not be operational due to a technology issue.
The internal document further states that self-service customers should be directed to bank teller counters for service during the outage.
After two days of silence regarding the technical difficulties of the bank, Banco Pichincha issued a statement on Tuesday afternoon admitting to having suffered a cyberattack which resulted in the disruption of its systems.
You can read the statement translated into English below:
“In the last few hours, we have identified a cybersecurity incident in our IT systems that partially disabled our services. We took immediate action such as isolating potentially affected systems from the rest of our network and cybersecurity experts to help us investigate.
At present, our network of branches, ATMs for cash withdrawals and debit and credit card payments is operational.
This technological incident did not affect the financial performance of the bank. We reiterate our commitment to protect the interests of our clients and restore normal care through our digital channels as soon as possible.
We call for calm to avoid generating traffic jams and to stay informed through the official Banco Pichincha channels to avoid the spread of false rumors.” - Banco Pichincha.
Today, the online banking portal still displays a maintenance message, but customers can now access their accounts online. Unfortunately, the mobile app has remained unavailable since the attack.
Likely a ransomware attack
At this time, Banco Pichincha has not publicly disclosed the nature of the attack. However, sources in the cybersecurity industry told TechToSee that it was a ransomware attack with malicious actors installing a Cobalt Strike beacon on the network.
Ransomware gangs and other threat actors commonly use Cobalt Strike to establish persistence and gain access to other systems on a network.
In February, Banco Pichincha suffered another cyberattack from cybercriminals known as “Hotarus Corp” who claimed to have stolen files from the bank’s network.
Pichincha disputed the hackers’ claims and said that one of its vendors was breached instead.
“We know there has been unauthorized access to the systems of a vendor that provides marketing services for the Pichincha Miles program,” Banco Pichincha said at the time.
“With regard to this information leak, and on the basis of a thorough investigation, we have found no evidence of damage or access to the Bank’s systems and, therefore, the security of the financial resources of our customers is not compromised.”
TechToSee has contacted Banco Pichincha with questions regarding the attack and will update the article if we receive a response.
Update 12/10/21: Added a correction indicating that ATMs are working again.