Search This Blog

Banco Pichincha: Ecuador's Largest Bank Hit by a Cyber Attack

The attack is believed to be a ransomware attack conducted by installing a cobalt strike.


Banco Pichincha, Ecuador's biggest private bank by capitalization and depositors, has been struck by a cyberattack that has crippled its operations and knocked the ATM and online banking website to be unavailable to the users. 

The intrusion happened over the weekend, and the bank had to lock down parts of its network to prevent the attack from spreading to other systems. The bank's systems have been taken down, causing considerable inconvenience, with ATMs no longer functioning and service notifications appearing on internet banking websites. 

The bank has 1.8 million customers, $4.5 billion in assets, and $4 billion in deposits, along with over 200 offices; Banco Pichincha has subsidiaries in Peru (Banco Financiero Per), Colombia (Banco Pichincha) and Panama (Banco Pichincha Panamá). And it also has a representative office in Miami and eight in Spain, comprising two each in Madrid, Barcelona, Murcia, and Comunidad Valenciana. 

Employees were informed that bank applications, email, digital channels, and self-services would be unavailable due to a technological issue, in an internal notification addressed to the Bank's departments. Self-service consumers should be guided to bank teller windows for assistance during the downtime, as per the internal memo. 

Banco Pichincha published a statement on Tuesday afternoon following two days of silence over the bank's technological troubles, acknowledging that their systems were disrupted by a cyberattack. 

The statement read: "In the last few hours, we have identified a cybersecurity incident in our computer systems that have partially disabled our services. We have taken immediate actions such as isolating the systems potentially affected from the rest of our network and have cybersecurity experts assist in the investigation. 

At the moment, our network of agencies, ATMs for cash withdrawals and payments with debit and credit cards are operational. 

This technological incident did not affect the financial performance of the bank. We reiterate our commitment to safeguard the interests of our clients and restore normal care through our digital channels in the shortest possible time. 

We call for calm to avoid generating congestion and to stay informed through the official channels of Banco Pichincha to avoid the spread of false rumors." - Banco Pichincha. 

Although, the origin of the attack has not been revealed to the public by the bank, according to insiders in the cybersecurity field, the hack is a ransomware attack with malicious attackers placing a Cobalt Strike beacon on the network. 

Cobalt Strike is often used by ransomware gangs as well as other threat actors to obtain endurance and access to additional systems on a system.
Share it:

Banco Pichincha

Bank Cyber Security

Cobalt Strike

Cyber Attacks