How an ordinary day turned into a banker’s worst nightmare

Bank of Valletta blacked out its electronic platforms on Wednesday after it suffered a major attack on its system that deals with international transactions. This is how the subsequent hours unfolded.

Bank of Valletta shut down all its systems as a precautionary measure

It was meant to be an ordinary Wednesday morning for Bank of Valletta staff as they started the day with the usual routine of reconciling international payment transactions.

But minutes into the exercise the staff realised there was a discrepancy between withdrawals and remittances to the tune of €13 million.

The ordinary had suddenly turned into the extraordinary. It was the start of a very long day, which saw the bank completely shut down its systems as security experts scrambled to get to the bottom of things.

Kenneth Farrugia, chief business development officer at BOV, tells MaltaToday that within 15 minutes of the problem being flagged, all international transactions were stopped.

I meet him on Thursday morning at the BOV headquarters in Santa Venera where the heavy eyes of staff who worked all night on the problem are pretty evident.

The absolute shutdown as a result of a hack is a first in Farrugia’s 33-year-long banking career. “I have never seen something like this in my experience,” he says.

It was around midnight between Wednesday and Thursday that the bank restarted its electronic platforms gradually, including the ATM network.

“We only started switching on our systems when our IT and security people gave us the go ahead that they were safe to do so,” Farrugia says.

The bank has been monitoring ATM performance and activity at their branches on an hourly basis today, making sure that operations are running normally.

False transactions created through the use of malware had siphoned off the millions from the holding account BOV has for international transactions. The money went into bank accounts in the US, UK, Hong Kong and Czechia.

Farrugia says BOV is now in the process of tracing each of the transactions, a process that is expected to take its time, in a bid to recoup the money.

“Some of it may be lost forever because it depends on whether the malware would have caused the initial transaction to be repeated from one foreign bank account to another,” he adds.

The bank has so far not identified the entry point for the malware. “There are many possible entry points, which in itself makes the exercise very laborious but our IT experts are working on it,” he says.

Investigations into the serious hack are ongoing and the police are also involved. A magisterial inquiry is underway.

Farrugia reiterates that no customer accounts were compromised and the decision to switch off all the bank’s electronic platforms was only taken as a precautionary measure.

It was around noon on Wednesday that BOV turned off its systems, shutting down everything. From the company email to its website, from activity at its branches to ATMs and electronic payment terminals in shops, nothing was spared.

“We did not want to run the risk of having the malware being dormant in some other system and thus the measure was intended to protect customers,” Farrugia says.

The bank’s only line of communication with its clients was through the media, and even here officials communicated with journalists by SMS.

Farrugia says the decision was not taken lightly but was necessary until the IT experts could ascertain that the malware had not infected other parts of the system.

“It is not uncommon in these types of hacks to have an initial wave of attacks serve as a diversionary tactic. We wanted to avoid a situation like this, which is when we switched off everything until all verifications were performed,” Farrugia says.

By Thursday morning all the bank’s platforms were up and running, except international transactions, which is where the hack occurred.

All services were restored in less than 24 hours

Farrugia says criticism over the major hack from inconvenienced customers is understandable but points out that the bank does not operate in a risk-free environment.

“The security measures around our IT system are continuously being updated and have repelled many such attacks. This was a malware unseen before. These things do happen. What is important is the manner by which we reacted. The problem was identified immediately and swift action taken to stop further damage. We roped in the police immediately and took action to isolate the incident, in the process safeguarding customer deposits. Our response was such to ensure the bank was safely up and running in less than 24 hours,” Farrugia explains.

He says that the bank had kick-started its contingency plans to ensure basic services would be offered to customers on Thursday if the IT systems were not yet operational.

“We were speaking to branch managers on contingency plans to serve customers just the same but our IT people gave us the go-ahead to start switching on the electronic platforms,” Farrugia says.

And he also acknowledges the support the bank received from other banking institutions in Malta. “We are competitors but there was a sense of collegiality in the cooperation we received from other banks,” he says.

The cost of the disruption has not yet been quantified but Farrugia insists the most important thing was to cause the least inconvenience possible to customers by ensuring the bank was up and running securely.
