Hackers Crashed a Bank’s Computers While Attempting a SWIFT Hack
Hackers have used a disk-wiping malware to sabotage hundreds of computers at a bank in Chile to distract staff while they were attempting to steal money via the bank’s SWIFT money transferring system. The attempted hack took place on May 24, this year. On that day, the Banco de Chile, the country’s biggest bank, reported all-around systems failures that affected the computers at several of its branches.
While its online systems kept working, several in-bank operations were impossible to carry out, according to reports in the local press [1, 2, 3]. That virus wasn’t just any malware, though. According to images posted online by bank employees, the malware crashed infected PCs, leaving them in a non-bootable state, suggesting it was affecting hard drives’ Master Boot Records (MBRs) a-la NotPetya.
According to a screenshot of private IM conversations posted on a Chilean forum, the alleged ‘virus’ crashed over 9,000 computers and over 500 servers. According to a security alert sent out by another IT company in the aftermath of the Banco de Chile hack, the virus was identified under various names, including KillMBR, a term previously used by Trend Micro experts for the KillDisk disk wiper and fake ransomware. The KillDisk malware is a well-known threat that has been used in the past in hacks targeting banks and financial institutions.
It’s main functionality is to wipe disk —hence destroying forensics data— and then pose as a ransomware infection by showing a ransom note on the user’s screen.