News Insights: Chilean bank shuts down all branches following ransomware attack | ZDNet

News Insights:

Tony Lambert, intelligence analyst, Red Canary:

“In this case, BancoEstado appears to have done many things right, including properly segmenting its internal network, limiting what the hackers could encrypt. That effort protected mission-critical services to accelerate recovery time. While the affected network didn’t intersect with services like the bank’s website, banking portal, mobile apps, and ATMs, it did serve humans providing essential services to bank operations.

The incident allegedly originated from a malicious Office document received and opened by an employee. This underscores why organizations should strive to provide defense-in-depth, because it leverages such a dynamic array of techniques. Implementing strong email security controls, staying up-to-date with web application patches, and restricting administrative access are low-hanging fruit for better cyber hygiene. The best mitigating control for ransomware is a robust disaster recovery and business continuity strategy that includes backups. One recommended practice is the 3-2-1 method: make at least three copies of data, on at least two different device types, with at least one backup stored offsite.

Additionally, not that this was the case here, but macros can be a point of vulnerability for organizations trying to thwart ransomware attacks. We don’t see macros controls implemented nearly enough in these situations. If an organization doesn’t need document macros from the Internet, there are controls to explore via Microsoft Windows Group Policy Objects to restrict what macros may execute on systems.”