On Friday night, a destructive cyber attack paralyzed the operations of the National Bank of Pakistan. The incident affected the bank’s ATMs, internal network and mobile applications. Currently, the incident is classified as a malware attack that wipes data, not a ransomware attack.
The incident occurred in the evening between Friday and Saturday and affected the bank’s back-office system, as well as the servers used to connect bank branches, the back-office infrastructure that controls the bank’s ATM network, and the bank’s mobile applications. According to the bank and investigators, although the attack paralyzed some of these systems, no funds were lost.
The bank said in a statement on Saturday: “We immediately took measures to isolate the affected systems. ATMs and some branches were restored before Monday. The restoration work was in full swing over the weekend, and by Monday, more than 1,000 Branches opened normally and provided services to customers, and all ATMs across the country have been fully restored.”
However, despite clear communication from National Bank officials, news of the hack still sent some fearful customers rushing to ATMs to withdraw funds on Monday morning. Coupled with inaccurate reports from local news organizations that as many as 9 different banks had been hacked, this forced the Pakistani government to step in and issue a statement to calm the public and prevent a run on all Pakistani banks on Monday.
Pakistani security researcher Rafay Baloch shared a screenshot on Twitter earlier today, claiming to depict one of the affected NBP systems. The screenshot shows a Windows computer that cannot start because the startup configuration file is missing. The malware was pushed through a privileged account in Active Directory, and it disrupted the startup sequence of the computer, making it impossible to start.