A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor.
This is according to the National Credit Union Administration, which on Friday told The Register it is fire-fighting the situation with the credit unions downed this week by the intrusion.
The NCUA regulates and insures these financial orgs.
"I can confirm that approximately 60 credit unions are currently experiencing some level of outage due to a ransomware attack at a third-party service provider," the NCUA spokesperson said.
"Member deposits at affected federally insured credit unions are insured by the National Credit Union Share Insurance Fund up to $250,000."
We're told the unions' IT provider Ongoing Operations - ironic - was hit by ransomware on Sunday, sparking days of disruption for the biz's clients.
It's believed the cloud provider was infiltrated via the Citrix Bleed vulnerability.
"On November 26, 2023, we were victimized by a sophisticated ransomware attack.
Upon discovery, we took immediate action to address and investigate the incident, which included engaging third-party specialists to assist with determining the nature and scope of the event.
At this time, our investigation is currently ongoing, and we will continue to provide updates as necessary."
On Thursday, northern New York's Mountain Valley Federal Credit Union appeared to be one of the many orgs suffering "system downtime" as a result of a ransomware infection at Ongoing Operations.
Mountain Valley's CEO described it as a "nationwide" issue.
"It has been brought to our attention by our data processor - FedComp Inc, that the third-party vendor of our computer operating system 'Trellance' was the victim of a ransomware attack," boss Maggie Pope said [PDF] in a letter to her credit union members.
Mountain Valley's Pope continued in her note to customers: "Trellance has indicated that our member information has not been affected by this incident. Because of this, Trellance must move to a new server system. Trellance and FedComp have been working around the clock to get our systems along with other credit unions around the country that have experienced the same issue back online."
Pope did not respond to The Register's inquiries, nor did Trellance.
"This incident is isolated to a segment of the Ongoing Operations network and our team is diligently working around the clock to minimize service interruptions wherever possible and to ensure the safety of information stored on our systems.
The investigation to determine what impact this incident may have had on information stored on our network systems is ongoing.
We are also engaging leading experts to recommend and implement additional measures designed to increase our data security and block further unauthorized access to our systems moving forward."
According to its website, Trellance has "hundreds" of customers across the US. A FedComp employee told The Register that both Trellance and FedComp are "working to fix" the mess, while a FedComp spokesperson said the outfit had "no comment on the third-party incident."
The NCUA told us it has informed the US Treasury Department, CISA, and the FBI about the cyber-break-in.
This article was published on go.theregister.com. Publication date: Sat, 02 Dec 2023 00:43:06 +0000