December 1, 2023 at 07:10PM
A ransomware attack on IT provider Ongoing Operations disrupted services for about 60 US credit unions. The National Credit Union Administration is addressing the issue with affected credit unions, assuring that member deposits are insured. The attack exploited the Citrix Bleed flaw, with ongoing recovery efforts.
**Key Takeaways from Meeting Notes:**
1. **Incident Overview:**
– A ransomware attack targeted a cloud IT provider, causing service disruptions affecting approximately 60 credit unions in the US.
– The attack impacted clients of Ongoing Operations, a firm owned by Trellance which supplies services like disaster recovery and hosted applications to credit unions.
2. **Regulatory Response:**
– The National Credit Union Administration (NCUA) is actively engaged in managing the situation post-attack.
– The NCUA has confirmed the service outages and reassured that member deposits are insured up to $250,000 by the National Credit Union Share Insurance Fund.
3. **Infiltration Details:**
– The cloud provider, Ongoing Operations, was reportedly infiltrated via the Citrix Bleed vulnerability.
– The ransomware attack occurred on Sunday and led to prolonged service disruptions.
4. **Credit Union Impact:**
– Mountain Valley Federal Credit Union in New York is one of the known affected organizations, with system downtime and disrupted operations.
– Their CEO, Maggie Pope, indicated that no member information had been compromised, but a migration to a new server system is necessary.
5. **Communications and Status:**
– Trellance and Ongoing Operations have been working continuously to restore services.
– FedComp, a processor for credit unions, acknowledged technical difficulties without providing an estimated time of resolution.
– External inquiries to the affected entities by The Register were not responded to at the time of the report.
6. **Client Communication:**
– Trellance has advised customers that their information hasn’t been affected and is transitioning to a new server system in response to the incident.
7. **Extended Impact and Resolution Efforts:**
– Both Trellance and FedComp are actively working to resolve the aftermath of the ransomware attack.
– Trellance’s customer base includes “hundreds” of credit unions across the US.
8. **Governmental Notification:**
– The NCUA has reported the cyber breach to the US Treasury Department, the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI.
*Note: The information is based on the current knowledge up to the date of the notes provided and is subject to change as the situation develops and new information becomes available.*