Tens of thousands of customers of Bay Area credit union Patelco remain without access to their accounts, following a crippling ransomware attack on the 88-year-old financial institution.
The June 29 attack forced the credit union to shut down several of its key banking systems in a measure to contain damage and remediate the issue.
Restoration Could Take Days In a July 2 update, CEO Erin Mendez said Patelco is currently working with third-party cybersecurity experts to restore affected systems expeditiously.
During the process it is likely that customers could experience intermittent outages at Patelco's ATMs as well.
Patelco boasts $9 billion in assets and 450,000 members nationwide, and ranks among the larger of the more than 4,500 federal insured credit unions in the US. Though it primarily serves communities in the Bay Area, San Jose, and Sacramento, Patelco's customers includes employees of more than 1,100 businesses throughout the country.
The ransomware attack impacted the credit union's online banking systems, and systems supporting its mobile app services and call center.
Customers were left without access to core electronic transactions such as direct deposit, transfers, balance inquiries, and payments.
A Common Pattern Patelco's travails - and the resulting impact on customers - are typical of major ransomware incidents.
Numerous reports, including one from Cigent and another from Statista, have pegged the average duration of downtime after a ransomware attack as ranging from 21 to 24 days.
That's marginally better than a couple of years ago, when it took ransomware victims an average of one month to recover from an attack.
Smaller organizations often tend to get hit much harder than large, better resourced organizations.
A new study by Orange Cyberdefense showed that organizations with fewer than 1,000 employees are four times more likely to experience a cyber-extortion attack compared to medium and large businesses.
When attackers launch opportunistic attacks, more smaller organizations get hit than large ones, the study found.
Another complicating factor is the growing tendency among ransomware actors to try and extort victims by stealing data from them and threatening to expose it.
Many extortion attacks these days in fact involve data theft only and not data encryption via ransomware.
As the UK National Cyber Security Centre recently noted, ransomware victims these days need to assume their data has been stolen as well.
A case in point is Memphis-based Evolve Bank & Trust, which recently was the victim of an attack by the LockBit ransomware group.
The threat actor encrypted some of Evolve's systems and exfiltrated a customer database, which it then leaked when the bank refused to pay the demanded ransom.
Patelco has not disclosed the identity of the group behind the ransomware attack on its systems.
It's unclear if the credit union will need to deal with the prospect of having both customer and other sensitive data being leaked as well.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 03 Jul 2024 19:50:06 +0000