Digital banking functions at approximately 60 credit unions have been interrupted by a ransomware attack on a third-party service provider, but there is no evidence that consumer data has been misused, according to the company whose system was compromised.
Ongoing Operations, a credit union information-technology firm,
Neither Ongoing Operations nor its parent company, Trellance, responded to requests for comment.
A spokesman for the National Credit Union Administration confirmed the number of affected entities in a statement Tuesday, adding that the regulatory agency is "in close contact with affected credit unions." He also said member deposits at affected federally insured credit unions are covered up to $250,000.
The incident was a ransomware attack, according to
The core-banking software provider FedComp notified Mountain Valley of the attack against Trellance, according to Pope. FedComp did not respond to a request for comment.
FedComp's own services appear to have been disrupted by the attack. Its data center was "experiencing technical difficulties and is under a country wide outage," according to a notice on the company's website Nov. 30 that was later removed but
FedComp said at the time that "Trellance is still working on resolving the issue." FedComp has not clarified whether its data center is still disrupted, but one credit union said Tuesday it expected to regain access to its own FedComp server "soon."
The credit union, NY Bravest Federal Credit Union, serves New York firefighters and is based in Albany. It uses FedComp's core-banking services and has been affected by the attack against Trellance. NY Bravest was anticipating an estimate on Tuesday regarding when its services would return, according to
NY Bravest told members it "went above and beyond" in responding to the outage to ensure members "felt as little disruption as possible," claiming the credit union built its own database after the disruption to give staff and members who reached out to the credit union up-to-date balances.
"While the other credit unions that were affected by this outage sat and waited, NY Bravest FCU went above and beyond and ensured members felt as little disruption as possible," the credit union's notice said.
Before the ransomware attack, Ongoing Operations had failed to patch a vulnerability in the cloud-networking software NetScaler,
Cloud Software Group, the company that owns NetScaler,
On a 0 to 10 scale used to rate the severity of cybersecurity vulnerabilities, Citrix rated the NetScaler vulnerability a 9.4, which is at the high end of the scale.
On Oct. 23, Cloud Software Group
Ongoing Operations is not the only firm that appears to have neglected these warnings about Citrix Bleed. An attack
For his part, Beaumont pointed out multiple pathways for preventing vulnerabilities like Citrix Bleed and the fallout they can produce, including having software vendors better secure their products and outlawing ransom payments. At the moment, he said, ransomware actors — often teenagers receiving huge sums of money in ransom payments — are far more powerful than they ought to be thanks to companies accepting ransomware attacks as somewhat normal.
"We shouldn't have normalized ransomware like we have, especially given the escalating nature of the problem," Beaumont said.