Banco de Chile falls victim to SWIFT money transfer hack that crashed 9,000 computers and 500 servers

Disk-wiping malware used to cover up theft of $10m from South American bank

Banco de Chile has admitted to the loss of around $10 million in a cyber attack in May that corrupted the master boot records (MBRs) of 9,000 PCs and servers, rendering them unbootable.

The attack took down branch computer systems across the country, but left online systems up and running. In the chaos, the attackers were able to transfer around $10 million via the bank's SWIFT international money transfer system - the latest in a string of attacks targeting the SWIFT system in recent years.

The attack took place on 24 May, according to BleepingComputer, but the bank only admitted that it had suffered a cyber attack on 28 May, and even then claimed that it had only been the victim of a virus.

However, images posted online by bank staff indicated that the malware had affected their PCs' MBRs, rendering the devices unbootable. Investigations conducted in the aftermath indicated that the malware used was KillMBR, which is typically dropped by other malware.

Named 'MBR Killer' by the attackers, the malware was created using the open-source Nullsoft Scriptable Install System and uses VMProtect in a bid to prevent reverse engineering. It borks the MBR by overwriting the first sector of the target's boot disk.

That's according to Trend Micro, which last week published a report on an unnamed South American bank that it was recently called in to investigate and that also, coincidentally, lost $10 million in a cyber attack in May.

Trend Micro suggested that the KillMBR attack was deployed as a distraction while the attackers siphoned off the $10m via infiltration of the bank's SWIFT systems.
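For responders triaging machines after a first-sector overwrite like the one described above, checking sector 0 of each disk shows whether a usable boot record survived. This is an added example, not code from the article, Trend Micro or the bank; the function names and both sample sectors are constructed for illustration, and the zero-filled sector is an assumed stand-in, not the pattern this malware writes.

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446  # four 16-byte partition entries start here
BOOT_SIG_OFFSET = 510    # a valid MBR ends with the bytes 0x55 0xAA

def read_first_sector(path):
    """Read sector 0 from a disk image or raw device (hypothetical helper)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)

def triage_mbr(sector):
    """Report whether a first sector still looks like a usable MBR."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte first sector")
    sector = bytes(sector[:SECTOR_SIZE])
    findings, partitions = [], []
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    if len(set(sector)) == 1:
        findings.append("sector filled with single byte 0x%02x" % sector[0])
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x" % (i, status))
        if count == 0:
            findings.append("partition %d: zero sector count" % i)
        partitions.append((i, ptype, lba_start, count))
    if not partitions:
        findings.append("no partition entries")
    return {"intact": not findings, "findings": findings, "partitions": partitions}

def sample_intact():
    """Constructed sample: one active type-0x07 partition plus boot signature."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[PART_TABLE_OFFSET] = 0x80        # active (bootable) flag
    mbr[PART_TABLE_OFFSET + 4] = 0x07    # partition type byte
    struct.pack_into("<II", mbr, PART_TABLE_OFFSET + 8, 2048, 1000000)
    mbr[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(mbr)

SAMPLE_INTACT = sample_intact()
SAMPLE_WIPED = bytes(SECTOR_SIZE)  # constructed: assumed zero-filled overwrite
```

On a real host, pass `triage_mbr` the bytes returned by `read_first_sector` for a forensic image of the disk rather than the live device.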

Banco de Chile finally admitted the full extent of the attacks, and the loss of $10 million, over the weekend, following the report on Friday by BleepingComputer.

The attack on Banco de Chile comes after Mexico's Bancomext went public on a foiled attempt to steal $110 million in January. Subsequently, attackers targeting Mexico's domestic payments system, SPEI, were able to steal as much as $15 million.

The Bancomext attack has been linked with North Korea, which is also believed to have been behind a string of attacks on banks' SWIFT international payments systems.

These include an audacious attempt to steal $951 million from Bangladesh Bank, the central bank of Bangladesh, which was only foiled by a clerk at a correspondent bank querying a spelling error, limiting Bangladesh Bank's losses to $81 million.