BR +55 11 3069 3925 | USA +1 469 620 7643

  • BLOG
  • Português
  • BR +55 11 3069 3925 | USA +1 469 620 7643
  • Português
logo senhasegura
  • SOLUTIONS
  • PRODUCTS
  • SERVICES AND SUPPORT
  • PARTNERS
  • COMPANY
  • CONTACT
  • DEMO

Compliance

and Audit

Audit

PCI DSS

SOX

ISO 27001

HIPAA

NIST

GDPR

ISA 62443 |

Industry 4.0

Security and

Risk Management

Privilege Abuse

Third Party Access

Privileged Access Recording

Insider Threat

Data Theft Prevention

Hardcoded Passwords

Password Reset

Solutions

By Industry

Energy and Utilities

Financial

Government

Health Care

Legal

Telecoms

Retail

senhasegura

Testimonials

See Testimonials

360º Privilege Platform

Account and

Session

PAM Core

Domum

Remote Access

MySafe

GO Endpoint

Manager

GO Endpoint

Manager Windows

GO Endpoint

Manager Linux

DevOps Secret

Manager

DevOps Secret

Manager

Multi

Cloud

Cloud IAM

Cloud Entitlements

Certificate

Manager

Certificate

Manager

Privileged

Infrastructure

PAM Crypto Appliance

PAM Load Balancer

Delivery : On Cloud (SaaS) | On-premises | Hybrid

Services

and Support

Documentation

Solution Center

Suggestions

Training and Certification

Deployment and Consulting

PAMaturity

PAM 360º

Support Policy

senhasegura

Resources

Rich Materials

Customer Cases

Webinars Calendar

senhasegura Stickers

BLOG

CONTENT

Is your company really prepared for a cyber attack?

The Pillars of Information Security

7 signs that your company needs to improve the security of sensitive data

See more articles about cybersecurity

Technical

Information

How it works

Product Archicture

Integration

Security

High availability and contingency

Privileged Auditing (Configuration)

Privileged Change Audit

Features and

Functionalities

ITSM Integration

Behavior Analysis

Threat Analysis

Privileged Information Protection

Scan Discovery

Task Management

Session Management (PSM)

Application Identity (AAPM)

SSH Key Management

Affinity Partner

Program

About the Program

Become a Partner

MSSP Affinity Partner Program

Security Alliance Program

Academy | E-learning for Certification

Affinity

Portal

Portal dedicated only for Partners to find commercial, marketing supporting materials and certification program of senhasegura.

Access Partner Portal

Opportunity

Booking

For our Commercial Team to support your sale more effectively, request your opportunity booking here.

Opportunity Booking Request

Find a

Partner

We work together to offer a better solution for your company.

Check all senhasegura partners

About

Company

About us

Achievements

Why senhasegura

Press Release

Press Room

Events

Career

Presence in the World

Terms of Use

End User License Agreement (EULA)

Privacy and Cookie Policy

Information Security Policy

Certification at senhasegura

senhasegura

Testimonials

See Testimonials

Latest Reports

and Awards

KuppingerCole Leadership Compass Report for PAM 2023

Frost & Sullivan Customer Value Leadership Award 2022

Gartner PAM Magic Quadrant 2021 Report

KuppingerCole Leadership Compass: PAM 2021

GigaOm Radar Report 2021

Gartner PAM Magic Quadrant 2020

Gartner Critical Capabilities for PAM 2020

Information Services Group, Inc. (ISG)

KuppingerCole Leadership Compass: PAM 2020

Contact our team

Request a Demonstration

Cyberattack: another big company is a ransomware victim

by senhasegura Blog Team | Sep 18, 2020 | BLOG

Another cyberattack with devastating consequences for financial institutions. The target now was BancoEstado, one of the three largest Chilean banks, which was affected by ransomware on September 6. According to a statement to Chile’s Cybersecurity Incident Response Team (CSIRT), the cyberattack is believed to have involved the Sodinokibi ransomware, also known as Revil.

On the 6th, the bank informed through a statement that it had detected malicious software in its operating systems and that their platforms could have some kind of unavailability due to the incident. However, ATMs and Internet Banking were not affected, nor were the resources of its customers or the institution itself. It is believed that the attack, again, was orchestrated through Social Engineering, when one of the bank’s employees opened an Office document infected with the virus.

By compromising the employee’s machine, the attacker was able, through lateral movement, to infect more than 12,000 endpoints and affect the operations of all 416 branches of the Chilean bank.

After detecting the cyberattack on the 5th, Saturday, BancoEstado reported the incident to the Comisión para el Mercado Financiero (CMF), the equivalent of our Securities and Exchange Commission (CVM), which soon issued an alert to the Chilean banking system. 

Long lines formed in the days following the cyberattack in front of BancoEstado branches. Account holders have complained on Twitter about various anomalies in their accounts, such as uncredited transfers to destination accounts, as well as lack of access to investment accounts, and inconsistent data in the amount totals. At the same time, there are reports that cybercriminals have started spam campaigns on behalf of the bank to capture customer credentials.

An attack of this magnitude indicates major flaws in the control of access to internal networks, including an efficient monitoring and response system. This involves the lack of computational and human resources for adequate response to incidents.

Another organization victim of the same ransomware that hit BancoEstado, in July this year, was Telecom Argentina, the country’s largest telephone operator. In this specific case, the required amount was US $ 7.5 million.

Learn more: How to protect your company from insiders threats?

 

But, what is the Sodinokibi ransomware and how does it work?

Sodinokibi is a family of ransomware that affects Windows systems and encrypts important files, requesting a cash amount to decrypt them. The ransomware creators are also associated with other malicious software, GandCrab, which was already linked to approximately 40% of global ransomware infections before being retired by its creators in June 2019. Thus, one can already have an idea of the potential for Sodinokibi infection.

The first difference noticed by users when having their device infected by ransomware is an infection warning, when the files are already encrypted. The ransom instructions are also visible on the user’s Desktop.

More than ever, cyberattacks through ransomware are among the biggest risks for organizations of all sizes and industries. According to the Mid-Year Threat Landscape Report 2020, there was a 750% increase in attack attempts through malicious software involving ransoms. And not only is the number of these attacks increasing but so is their sophistication.

In many cases, malicious attackers use threats against their victims to leak encrypted data, something that can compel them to pay the high amounts required as a ransom. One of the causes is the heavy sanctions that organizations are subject to in case of data leaks. If the leak involves personal data of European citizens and the organization is subject to GDPR, the fine could reach up to 50 million euros. If it takes place in Brazil and the LGPD is applied, this amount can reach up to 50 million reais. 

One of the ways to mitigate the risks associated with a ransomware infection is to ensure that security updates are applied as soon as they are released by developers. By doing this, one can prevent malicious attackers from exploiting vulnerabilities to infect the environment. The implementation of features such as Multifactor Authentication is another strategy that prevents hackers from moving laterally through the environment and infecting even more endpoints.

Cybersecurity teams must also perform backups of their systems, as well as periodic testing as part of their disaster recovery and incident response plans. Thus, it is possible to guarantee that the systems are recovered without the need to pay a ransom.

Deploying a PAM solution such as senhasegura is also an excellent way to mitigate cybersecurity (and business) risks associated with ransomware infection. 

Through our Privilege Elevation and Delegation Management solution, senhasegura.go, one can segregate access to sensitive information, isolating critical environments, and correlating events to identify any suspicious behavior. By controlling lists of authorized, notified, and blocked actions with different permissions for each user, senhasegura.go allows reducing the risks linked to the installation of malicious software and abuse of privilege, which can compromise the environment. Finally, through senhasegura, one can overcome the challenges of implementing controls for data protection legislation such as GDPR and LGPD, as well as PCI, ISO, SOX, and NIST regulations, with the automation of privileged access controls to achieve maturity in the audited processes.


Referring back to the BancoEstado case, a team of Microsoft security experts took action to try to recover the systems and resume the bank’s operations. As of September 11, approximately 350 branches had been reopened, with the expectation of a full recovery of operations by the following days. However, the consequences of the cyberattack are clear: loss of revenue (and probably customers), in addition to reputational damage and possible penalties for the incident

← How to protect your company from insiders threats? 9 Essential Features or Good Practices for a Privileged Access Management Solution (PAM) →

$13 million growth investment drives senhasegura’s expansion in North America and the Middle East

Written by Priscilla Silva São Paulo, March 10, 2023 - senhasegura, an award-winning Privileged Access Management (PAM) solution provider that protects corporate IT environments and critical resources from cyber threats, announces a $13 million funding round from...
Read More

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...
Read More

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...
Read More

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...
Read More

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...
Read More
Copyright 2023 senhasegura | All Rights Reserved | Powered by MT4 Group