Envision Credit Union was hit by a suspected ransomware attack that froze its computer systems with attackers demanding a payment.
Initial signs of a potential ransomware attack emerged this week, which gave reasons to believe the group behind it was LockBit 2.0. The attackers also threatened to publish the stolen data on August 30, according to a New York-based cybersecurity company, Datminr.
A local media outlet Tallahassee Democrat asked the company about the possible cyber attack, but wasn’t able to find out any details.
Envision Credit Union only sent the following statement to its customers:
“The credit union started experiencing technical difficulties on some of its systems, even though it has already implemented adequate security measures. We are taking all necessary steps to address the issue, which includes establishing an investigation and notifying law enforcement. We are aware of the situation and are working to ensure that the funds of our members were not put at risk.”
The Kaspersky team has recently written an analysis on the LockBit ransomware gang. They said LockBit is the latest in a series of cybercrime groups advertising that they can automate infection of local computers through a domain controller. They do this with the help of group policies.
LockBit uses the Ransomware as a Service (RaaS) model, where they rent out their infrastructure and malware to the actual attackers for a share of the ransom. This uses so-called double extortion, where they threaten to publish the victim’s sensitive information or data if the victim does not pay up.
“This ransomware is used for highly targeted attacks against enterprises and other organizations,” Kaspersky researchers said. “As a self-piloted cyberattack, LockBit attackers have made a mark by threatening organizations globally.”
Most recently, the LockBit ransomware group claimed that it would release over 103 GB of compressed files that it obtained from Thailand’s Bangkok Airways. The Airways did not confirm its servers have been breached.