Envision Credit Union Hit By Possible LockBit Ransomware Attack

Envision Credit Union was hit by a suspected ransomware attack that froze its computer systems with attackers demanding a payment.

Initial signs of a potential ransomware attack emerged this week, with indications that the group behind it was LockBit 2.0. The attackers also threatened to publish the stolen data on August 30, according to Dataminr, a New York-based cybersecurity company.

A local media outlet, the Tallahassee Democrat, asked the company about the possible cyber attack but wasn’t able to find out any details.

Envision Credit Union only sent the following statement to its customers:

“The credit union started experiencing technical difficulties on some of its systems, even though it has already implemented adequate security measures. We are taking all necessary steps to address the issue, which includes establishing an investigation and notifying law enforcement. We are aware of the situation and are working to ensure that the funds of our members were not put at risk.”

The Kaspersky team has recently written an analysis on the LockBit ransomware gang. They said LockBit is the latest in a series of cybercrime groups advertising that they can automate infection of local computers through a domain controller. They do this with the help of group policies.

LockBit operates on the Ransomware as a Service (RaaS) model, renting out its infrastructure and malware to the actual attackers for a share of the ransom. It also uses so-called double extortion, threatening to publish the victim’s sensitive information or data if the victim does not pay up.

“This ransomware is used for highly targeted attacks against enterprises and other organizations,” Kaspersky researchers said. “As a self-piloted cyberattack, LockBit attackers have made a mark by threatening organizations globally.”

Most recently, the LockBit ransomware group claimed that it would release over 103 GB of compressed files that it obtained from Thailand’s Bangkok Airways. The airline did not confirm that its servers had been breached.

About the author

CIM Team
