Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware launched by REvil.

According to a public statement, the branches will remain closed for at least one day, but clarified that customers’ funds have not been affected by the incident.

Citing sources close to the investigation, ZDNet reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and proceeded to open.

The incident was reported to the Chilean authorities, who issued a cyber-security alert that warned about a massive ransomware campaign targeting the private sector in the country. 

Despite being spotted by IT experts  at Banco Estado, they concluded that normal operations couldn’t take place on Monday, implying that the damage caused by the ransomware could be worse than expected.

REvil is well-known for auctioning data stolen in their attacks, listing it on their official’s dark web site, and often asking for Monero (XMR) as the method for collecting ransoms.

At 12:57 p.m. ET on Monday, Banco Estado managed to reestablish 21 of its branches in the country with limited services for deposits and remittances, but closed them again at 2:00 p.m. ET.

In June, Cointelegraph reported that REvil stole data from two United States-based law firms. The listing appeared June 6 through REvil’s official blog on the darknet, where bidders look to acquire 50GB of data from Fraser Wheeler & Courtney LLP and 1.2TB of data from the database of Vierra Magen Marcus LLP.