Bay Area Credit Union Struggles to Recover After Ransomware Attack

Published: 23/11/2024   Category: security




Tens of thousands of Patelco customers remain without access to their accounts, with no estimates for when systems will be restored.



Tens of thousands of customers of Bay Area credit union Patelco remain without access to their accounts, following a crippling ransomware attack on the 88-year-old financial institution.
The June 29 attack forced the credit union to shut down several of its key banking systems in a measure to contain damage and remediate the issue.
In a July 2 update, CEO Erin Mendez said Patelco is currently working with third-party cybersecurity experts to restore affected systems expeditiously. During the process it is likely that customers could experience intermittent outages at Patelco's ATMs as well. "This is normal and to be expected during our recovery process," Mendez said. "Access to shared ATMs will not be interrupted as part of this process and they remain available for cash withdrawals and deposits."
Patelco boasts $9 billion in assets and 450,000 members nationwide, and ranks among the larger of the more than 4,500 federally insured credit unions in the US. Though it primarily serves communities in the Bay Area, San Jose, and Sacramento, Patelco's customers include employees of more than 1,100 businesses throughout the country.
The ransomware attack impacted the credit union's online banking systems, and systems supporting its mobile app services and call center. Customers were left without access to core electronic transactions such as direct deposit, transfers, balance inquiries, and payments. "Our teams are working around the clock with top-tier cybersecurity experts to assess the situation and to restore service to you," Patelco said. "Unfortunately, we are unable to provide an ETA on when those systems will be running as expected."
Patelco's travails — and the resulting impact on customers — are typical of major ransomware incidents. Numerous reports, including one from Cigent and another from Statista, have pegged the average duration of downtime after a ransomware attack as ranging from 21 to 24 days. That's marginally better than a couple of years ago, when it took ransomware victims an average of one month to recover from an attack. "Whether you pay the ransom and manage to decrypt your original data or restore from backup, recovery can be a lengthy process," Cigent noted in its report. "They involve rebuilding systems, addressing security vulnerabilities, and regaining stakeholder trust, with recovery duration varying based on the attack's complexity, scope, and the affected organization's preparedness."
Smaller organizations often tend to get hit much harder than large, better-resourced organizations. A new study by Orange Cyberdefense showed that organizations with fewer than 1,000 employees are four times more likely to experience a cyber-extortion attack compared to medium and large businesses. A lot of it simply has to do with the fact that there are many more small businesses than large ones. So, when attackers launch opportunistic attacks, more smaller organizations get hit than large ones, the study found.
Another complicating factor is the growing tendency among ransomware actors to try and extort victims by stealing data from them and threatening to expose it. Many extortion attacks these days in fact involve data theft only and not data encryption via ransomware. As the UK National Cyber Security Centre (NCSC) recently noted, ransomware victims these days need to assume their data has been stolen as well. "In the least-worse case scenario, only system data (that is, data involved in the operation of a victim's IT processes) will be stolen," the NCSC said. "In the worst case, extremely sensitive personal information (such as medical or legal details) is exfiltrated."
A case in point is Memphis-based Evolve Bank & Trust, which recently was the victim of an attack by the LockBit ransomware group. The threat actor encrypted some of Evolve's systems and exfiltrated a customer database, which it then leaked when the bank refused to pay the demanded ransom.
Patelco has not disclosed the identity of the group behind the ransomware attack on its systems. And no threat actor has claimed responsibility for it thus far. So, it's unclear if the credit union will need to deal with the prospect of having both customer and other sensitive data being leaked as well.
