Chilean officials are making cybersecurity a top priority, as they just learned that hackers stole over $10 million from the country’s second-largest bank, Banco de Chile.

The bank publicly disclosed on May 28, 2018, that it had detected a virus that infected thousands of its workstations. As the investigation unfolded, the company learned that the cyber-attack corrupted the master boot records (MBRs) of 9,000 PCs and servers, leaving them unable to reboot. This attack forced the bank to halt nearly all operations May 24 at almost 400 branches throughout the country. It took almost two weeks for the bank to resume normal services.

What was originally believed to be a virus turned out to be MBR Killer malware. This ‘MBR Killer' malware was created using the open-source Nullsoft Scriptable Install System and uses VMProtect in an attempt to prevent reverse engineering. It damages the MBR by overwriting the first sector of the target's boot disk.

Many believe the malware was just a distraction and that consumer accounts were never the real target of this attack. The bank, however, took protective measures to safeguard consumer accounts by disconnecting 9,000 workstations that were believed to be infected, leaving attackers able to steal millions of dollars from the bank.

Attackers have since then transferred about $10 million through the banks SWIFT international money transfer systems. The bank started canceling these transactions, but not all of them were recovered. Most of the money has been traced back to Hong Kong and it’s believed that the criminal group responsible for the attack is from either Eastern Europe or Asia.

“We found some strange transactions in the SWIFT system. There we realized that the virus was not necessarily the underlying issue, but apparently they wanted to defraud the bank, “said general manager of Banco de Chile, Eduardo Ebensperger.

The company is adamant that the integrity of its customer accounts, funds or transactions has not been impacted in any way.  However, this incident should serve as a stark reminder to financial institutions across the globe that security best practices must be followed and the CIS Controls must be implemented to prioritize security risks within the financial industry.  


Read the article on InfoSecurity Magazine

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
1175 Peachtree St NE
Atlanta, Georgia, 30361.
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.