“Everything’s frozen”: Ransomware locks credit union users out of bank accounts
A California-based credit union with over 450,000 members said it suffered a ransomware attack that is disrupting account services and could take weeks to recover from.
“The next few days—and coming weeks—may present challenges for our members, as we continue to navigate around the limited functionality we are experiencing due to this incident,” Patelco Credit Union CEO Erin Mendez told members in a July 1 message that said the security problem was caused by a ransomware attack. Online banking and several other services are unavailable, while several other services and types of transactions have limited functionality.
Patelco Credit Union was hit by the attack on June 29 and has been posting updates on a security update page, which says the credit union “proactively shut down some of our day-to-day banking systems to contain and remediate the issue… As a result of our proactive measures, transactions, transfers, payments, and deposits are unavailable at this time. Debit and credit cards are working with limited functionality.”
Patelco Credit Union is a nonprofit cooperative in Northern California with $9 billion in assets and 37 local branches. “Our priority is the safe and secure restoration of our banking systems,” a July 2 update said. “We continue to work alongside leading third-party cybersecurity experts in support of this effort. We have also been cooperating with regulators and law enforcement.”
“Everything’s frozen”
Patelco member Enrique Juarez said he was having trouble accessing his Social Security payment, according to the Mercury News. “I’ve never had a problem before,” Juarez told the news organization. “Everything’s frozen, I can’t even check my balance until this is resolved—and they don’t know [when that will happen].”
Patelco says that check and cash deposits should be working, but direct deposits have limited functionality.
Security expert Ahmed Banafa “said Tuesday that it looks likely that hackers infiltrated the bank’s internal databases via a phishing email and encrypted its contents, locking out the bank from its own systems,” the Mercury News reported. Banafa was paraphrased as saying that it is “likely the hackers will demand an amount of money from the credit union to restore its systems back to normal, and will continue to hold the bank’s accounts hostage until either the bank finds a way around the hack or until the hackers are paid.”
Change Healthcare, a health payment processing company hit by ransomware this year, told lawmakers that it paid a ransom of $22 million in bitcoin. Change Healthcare owner UnitedHealth failed to use multifactor authentication on critical systems.
Patelco hasn’t revealed details about how it will recover from the ransomware attack but acknowledged to customers that their personal information could be at risk. “The investigation into the nature and scope of the incident is ongoing,” the credit union said. “If the investigation determines that individuals’ information is involved as a result of this incident, we will of course notify those individuals and provide resources to help protect their information in accordance with applicable laws.”
Patelco waives fees, warns of more outages
Patelco said it is waiving overdraft, late payment, and ATM fees “until we are back up and running.” Members who need to access funds from direct deposits can do so by writing a check, using an ATM card to get cash, or by making a purchase, Patelco said.
As of yesterday, members could expect to “experience short, intermittent outages at Patelco ATMs,” the organization said. “This is normal and to be expected during our recovery process. Access to shared ATMs will not be interrupted as part of this process and they remain available for cash withdrawals and deposits.”
A chart on the security update page says the services that remain unavailable include online banking, the mobile app, outgoing wire transfers, monthly statements, Zelle, balance inquiries, and online bill payments.
Patelco branches, call center services, and live chats have “limited functionality,” as do debit card transactions, credit card transactions, and direct deposits, according to the chart. Services that are listed as available include check and cash deposits, ATM withdrawals, ACH transfers, ACH for bill payments, and in-branch loan payments.
https://arstechnica.com/?p=2035180