Ongoing Operations hit by a ransomware attack, dozens of credit unions suffer outages
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
A unit of the credit union fintech partner Trellance, called Ongoing Operations, recently suffered a ransomware attack that had far-reaching consequences. According to recent reports, the attack has caused dozens of US credit unions to suffer outages.
What happened?
Ongoing Operations, an information technology solutions provider that Trellance acquired about a year ago, in November 2022, reported being hit by an “isolated cyber security incident,” as it described it. The attack took place on November 26, and it resulted in outages of around 60 of the company’s credit union clients.
Ransomware Attack Causes Outages at 60 Credit Unions
Credit unions reported that the ransomware attack — in which cybercriminals typically lock computer system as an extortion tactic — affected a unit of Trellance, a cloud computing firm provider used by credit unions.
Whenever… pic.twitter.com/0mXEO6aIV7
— UltraMJTruth (@MJTruthUltra) December 2, 2023
The vendor immediately took action, as it revealed in its December 2 statement, addressing the matter and investigating the incident. It also notified federal law enforcement, getting the authorities involved in hopes of quickly handling the highly disruptive situation.
So far, not a lot is known about the attack. The firm shared that it is reviewing the impacted data in order to determine what information was impacted and to whom it belonged.
Two days after the statement was made, one of the affected credit unions, Mountain Valley Federal, sent a message to its members regarding the incident. It simply notified them that, starting on December 4, MVFCU’s data processing system still remains non-operational.
Meanwhile, the National Credit Union Administration also released a statement regarding the attack, noting that it is trying to coordinate with the affected credit unions. Fortunately, many of them have had alternative services set into place in order to continue operation in case of an incident such as this. However, this was clearly not the case for all of them, as Mountain Valley Federal’s message shows.
For the time being, the scope of the ransomware attack is not fully known to the public, as the investigation is still ongoing. Reports say that the identity of the attacker(s) also remains unknown at this time. What is known is that the attack targeted Ongoing Operations directly, as well as a third-party vendor of Trellance, FedComp.
Millions of Americans affected by the attack
Since the attack, a number of cybersecurity experts shared their thoughts and impressions of the incident, including Kevin Beaumont. He said in a blog post that the ransomware group responsible for the attack managed to gain entry to Trellance via Ongoing Operations, while the FedComp platform was not patched for CitrixBleed. He added that the incident has disrupted operations in a way that has impacted millions of US citizens.
NCUA spokesperson, Joe Adamoli, also commented on the situation, saying that the NCUA is working with the affected credit unions. He noted that the outages affected member account availability, and that credit union member deposits remain insured by the National Credit Union Share Insurance Fund up to $250,000.
