One of Chile's largest banks recently suffered a ransomware attack, a dangerous event but one that showed that with proper measures the damage can be contained.
In this case, BancoEstado appears to have done many things right during the attack earlier this month, including properly segmenting its internal network, limiting what the hackers could encrypt. That effort protected mission-critical services to accelerate recovery time.
While the affected network didn’t intersect with services like the bank's website, banking portal, mobile apps, and ATMs, it did serve humans providing essential services to bank operations.
The incident allegedly originated from a malicious Microsoft Office document received and opened by an employee. This underscores why organizations should strive to provide defense-in-depth, because it leverages such a dynamic array of techniques.
Implementing strong email security controls, staying up-to-date with web application patches, and restricting administrative access are low-hanging fruit for better cyber hygiene. The best mitigating control for ransomware is a robust disaster recovery and business continuity strategy that includes backups. One recommended practice is the 3-2-1 method: Make at least three copies of data, on at least two different device types, with at least one backup stored offsite.
Additionally, not that this was the case here, but macros can be a point of vulnerability for organizations trying to thwart ransomware attacks. We don't see macros controls implemented nearly enough in these situations. If an organization doesn’t need document macros from the internet, there are controls to explore via Microsoft Windows Group Policy Objects to restrict what macros may execute on systems.
